UltraSurf V4 Application Block

merhabalar
v4 te ultrasurf engellemek için öncelikle application control kısmında uygulamalardan proxy den altındanda ultrasurf ve ultrasurf 9+ seçip block diyiniz.
aktif profileda kullanarak bu şekilde ultra surf engellenecektir.
alternatif çözüm

Since FortiOS 4.0, all application identification signatures are moved to Application Control. You can find the 'ultrasurf' signature under 'proxy' category in Application Control. Current signature in official package can't block Ultrasurf 9.6. In order to block it, you can try following custom signatures. We are not sure whether they could cause high False Positive. Let us know if you encounter any problem.

F-SBID( --name "ultrasurf.tag1"; --protocol tcp; --service SSL; --flow from_client; --seq >,70,relative; --pattern "|16 03 01 00 86 10 00 00 82|"; --within 11,packet; --data_size 186; --tag set,ultrasurf.tag1; )
==> set its action to 'pass' and don't log its alerts

F-SBID( --name "ultrasurf.tag2"; --protocol tcp; --service SSL; --flow from_server; --pattern "|14 03 01 00 01 01 16 03 01 00 24|"; --within 16,packet; --data_size 47; --tag test,ultrasurf.tag1; --tag set,ultrasurf.tag2 )
==> set its action to 'pass' and don't log its alerts

F-SBID( --name "ultrasurf.test.10"; --protocol tcp; --service SSL; --flow from_server; --seq <,10000,relative; --pattern "|17 03 01 00 05|"; --within 5,packet; --data_size 10; --tag test,ultrasurf.tag2; )
==> set its action to 'reset' and log its alerts

F-SBID( --name "ultrasurf.test.18"; --protocol tcp; --service SSL; --flow from_client; --seq <,4000,relative; --pattern "|17 03 01 00 0d|"; --within 5,packet; --data_size 18; --tag test,ultrasurf.tag2; )
==> set its action to 'reset' and log its alerts

F-SBID( --name "ultrasurf.test.34"; --protocol tcp; --service SSL; --flow from_client; --seq <,6000,relative; --pattern "|17 03 01 00 1d|"; --within 5,packet; --data_size 34; --tag test,ultrasurf.tag2; )
==> set its action to 'reset' and log its alerts