topic Re: Ultrasurf Block on R81.20 in Firewall and Security Management

Ultrasurf Block on R81.20

VIKASH_GIRI — Wed, 12 Feb 2025 07:26:33 GMT

Hi Team,

I m trying to block ultrasurf but its not getting , when check logs its ultrasurf is block but i am to acceess.

Re: Ultrasurf Block on R81.20

emmap — Wed, 12 Feb 2025 08:08:32 GMT

I don't know that being able to open its page on the chrome web store is a valid test.

Re: Ultrasurf Block on R81.20

VIKASH_GIRI — Wed, 12 Feb 2025 08:16:57 GMT

yes, i am able to add chrome extension and able to use facebook which we blocked.

Re: Ultrasurf Block on R81.20

Lesley — Wed, 12 Feb 2025 21:01:54 GMT

Traffic is allowed towards the chrome store not the ultrasurf website. If you want to manage web browser extensions it should be done on GPO level (AD). Or block the chrome store, but then you block all extensions

If user installs extension does this extension work? If so, do you run HTTPS inspection? Or you have categorize https websites enabled?

https://community.checkpoint.com/t5/Management/Difference-between-HTTPS-Inspection-and-Categorize-HTTPS/td-p/20073

Re: Ultrasurf Block on R81.20

the_rock — Thu, 13 Feb 2025 02:01:54 GMT

What @Lesley said is 100% correct. I will test this in my lab tomorrow, since I have ssl inspection enabled, but I doubt it will be any different.

Andy

Re: Ultrasurf Block on R81.20

VIKASH_GIRI — Thu, 13 Feb 2025 12:57:42 GMT

hi,

Ultrasurf is vpn proxy which used to bypass the firewall to use block website, so when we add ultrasurf on ext it will allow you to access all blocked content.

Go through below link

Solved: Best Practices Against Ultrasurf - Check Point CheckMates

Re: Ultrasurf Block on R81.20

Lesley — Thu, 13 Feb 2025 16:09:04 GMT

Let me change my questions, why would you let users to install any extension what they want?

Now it is Ultrasurf next week something else. I think you should start with the basic and do something with GPO. There are malicious extension for example: https://www.kaspersky.com/blog/dangerous-browser-extensions-2023/50059/

Re: Ultrasurf Block on R81.20

PhoneBoy — Fri, 14 Feb 2025 04:27:54 GMT

Allowing users to install random browser extensions is considered poor practice.

Having said that, to fully block Ultrasurf, you need to make sure you have a strict outbound policy (only specific web ports allowed) and use HTTPS Inspection + App Control.
Ultrasurf is also known to be very evasive and we’ve had to adjust the signature for it in the past.

Re: Ultrasurf Block on R81.20

the_rock — Sun, 16 Feb 2025 01:16:57 GMT

Were you able to fix it?

Re: Ultrasurf Block on R81.20

VIKASH_GIRI — Mon, 17 Feb 2025 06:18:30 GMT

we are doing setup for University where students will BYOD and we don't have control over them, so need to block what possibility we found .

Re: Ultrasurf Block on R81.20

the_rock — Mon, 17 Feb 2025 12:15:41 GMT

What was already suggested is probably your best bet.

Andy

Re: Ultrasurf Block on R81.20

Lesley — Mon, 17 Feb 2025 21:21:00 GMT

So no https inspection. That will be a pain. Is categorize https websites enabled in Smart Console?