This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VIKASH_GIRI
Contributor
‎2025-02-11 11:26 PM

Ultrasurf Block on R81.20

Hi Team,

I m trying to block ultrasurf but its not getting , when check logs its ultrasurf is block but i am to acceess.

 

 

Preview file
67 KB
Preview file
381 KB
0 Kudos
11 Replies
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2025-02-12 12:08 AM

I don't know that being able to open its page on the chrome web store is a valid test. 

0 Kudos
VIKASH_GIRI
Contributor
‎2025-02-12 12:16 AM
In response to emmap

yes, i am able to add chrome extension and able to use facebook which we blocked.

 

0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-02-12 01:01 PM

Traffic is allowed towards the chrome store not the ultrasurf website. If you want to manage web browser extensions it should be done on GPO level (AD). Or block the chrome store, but then you block all extensions

If user installs extension does this extension work? If so, do you run HTTPS inspection? Or you have categorize https websites enabled? 

https://community.checkpoint.com/t5/Management/Difference-between-HTTPS-Inspection-and-Categorize-HT...

-------
Please press "Accept as Solution" if my post solved it 🙂
VIKASH_GIRI
Contributor
‎2025-02-13 04:57 AM
In response to Lesley

hi,

Ultrasurf is vpn proxy which used to bypass the firewall to use block website, so when we add ultrasurf on ext it will allow you to access all blocked content.

 

Go through below link

Solved: Best Practices Against Ultrasurf - Check Point CheckMates

Preview file
34 KB
Preview file
19 KB
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-02-13 08:09 AM
In response to VIKASH_GIRI

Let me change my questions, why would you let users to install any extension what they want?

Now it is Ultrasurf next week something else. I think you should start with the basic and do something with GPO. There are malicious extension for example: https://www.kaspersky.com/blog/dangerous-browser-extensions-2023/50059/

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
VIKASH_GIRI
Contributor
‎2025-02-16 10:18 PM
In response to Lesley

we are doing setup for University where students will BYOD and we don't have control over them, so need to block what possibility we found .

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-02-17 04:15 AM
In response to VIKASH_GIRI

What was already suggested is probably your best bet.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2025-02-17 01:21 PM
In response to VIKASH_GIRI

So no https inspection. That will be a pain. Is categorize https websites enabled in Smart Console? 

Lesley_0-1739827251371.png

 

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-02-15 05:16 PM
In response to VIKASH_GIRI

Were you able to fix it?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-02-12 06:01 PM

What @Lesley said is 100% correct. I will test this in my lab tomorrow, since I have ssl inspection enabled, but I doubt it will be any different.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
PhoneBoy
Admin
Admin
‎2025-02-13 08:27 PM

Allowing users to install random browser extensions is considered poor practice.

Having said that, to fully block Ultrasurf, you need to make sure you have a strict outbound policy (only specific web ports allowed) and use HTTPS Inspection + App Control.
Ultrasurf is also known to be very evasive and we’ve had to adjust the signature for it in the past. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events