How to block Ultrasurf using Appilication Firewall settings

This article describes the configuration steps to block UltraSurf on SRX firewalls using the Application Firewall feature.

UltraSurf is a privacy application used to hide a user’s Internet activity. Traffic from this application is indistinguishable from a generic SSL. Downloaders of this application may be attempting to disguise their internet traffic. The article provides steps to block this application traffic through the firewall using the Application firewall feature.

Inorder to block UltraSurf application on the firewall, use the signature Web:Anonymizer:ULTRASURF available with the Application Firewall feature on the firewall running Application-Identification version 2. Note that this requires the Application Identification Signature to be installed on the device.

Configuration Example:
1.Define the application firewall rule-set P2P to deny traffic from the selected dynamic applications. In this case, we will assume that the rule-set is to block all P2P traffic and the rule is for blocking UltraSurf traffic.

2.Make sure that the same rule set is enabled under application firewall in the concerned security policy.

3.Commit the configurations and test the behavior.

About the author

James Palmer

Leave a Comment