This article describes the configuration steps to block UltraSurf on SRX firewalls using the Application Firewall feature.
UltraSurf is a privacy application used to hide a user’s Internet activity. Traffic from this application is indistinguishable from generic SSL traffic. Users who download this application may be attempting to disguise their Internet traffic. This article provides the steps to block this application's traffic through the firewall using the Application Firewall feature.
In order to block the UltraSurf application on the firewall, use the signature Web:Anonymizer:ULTRASURF, which is available with the Application Firewall feature on a firewall running Application-Identification version 2. Note that this requires the Application Identification Signature to be installed on the device.
Configuration Example:
1. Define the application firewall rule-set P2P to deny traffic from the selected dynamic applications. In this case, we will assume that the rule-set is to block all P2P traffic and the rule is for blocking UltraSurf traffic.
[edit security application-firewall rule-sets P2P]
user@host# set rule ultrasurf match dynamic-application junos:ULTRASURF
user@host# set rule ultrasurf then deny
user@host# set default-rule permit
2. Make sure that the same rule set is enabled under application firewall in the concerned security policy.
set security policies from-zone untrust to-zone trust policy internet_policy then permit application-services application-firewall rule-set P2P
3. Commit the configuration and test the behavior.
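As a check on steps 1 and 2, the following added example (not part of the original article or of Junos) audits a configuration exported in set format and reports when a rule-set that denies junos:ULTRASURF is not referenced by any security policy. The function name audit and the sample text are assumptions; the sample is constructed from the statements in this article, written with their full hierarchy paths.

```python
import re

# Constructed sample: the statements from steps 1 and 2 in full set format.
SAMPLE = """\
set security application-firewall rule-sets P2P rule ultrasurf match dynamic-application junos:ULTRASURF
set security application-firewall rule-sets P2P rule ultrasurf then deny
set security application-firewall rule-sets P2P default-rule permit
set security policies from-zone untrust to-zone trust policy internet_policy then permit application-services application-firewall rule-set P2P
"""

RS = r"set security application-firewall rule-sets (\S+) "
MATCH = re.compile(RS + r"rule (\S+) match dynamic-application (\S+)$")
ACTION = re.compile(RS + r"rule (\S+) then (permit|deny)$")
DEFAULT = re.compile(RS + r"default-rule (permit|deny)$")
POLICY = re.compile(
    r"set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
    r"then permit application-services application-firewall rule-set (\S+)$")

def audit(config, app="junos:ULTRASURF"):
    """Return (findings, policies) for the rule-sets that deny `app`."""
    matches, actions, defaults, attached = {}, {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := MATCH.match(line):
            matches.setdefault((m[1], m[2]), set()).add(m[3])
        elif m := ACTION.match(line):
            actions[(m[1], m[2])] = m[3]
        elif m := DEFAULT.match(line):
            defaults[m[1]] = m[2]
        elif m := POLICY.match(line):
            attached.setdefault(m[4], []).append(f"{m[1]}->{m[2]}:{m[3]}")
    # A rule blocks the application only if it both matches it and denies it.
    blocking = {rs for (rs, rule), apps in matches.items()
                if app in apps and actions.get((rs, rule)) == "deny"}
    findings = [] if blocking else [f"no rule denies {app}"]
    for rs in sorted(blocking):
        if rs not in defaults:
            findings.append(f"rule-set {rs} has no default-rule")
        if rs not in attached:  # step 2 was skipped: the rule-set is inert
            findings.append(f"rule-set {rs} is not referenced by any security policy")
    policies = sorted(p for rs in blocking for p in attached.get(rs, []))
    return findings, policies

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list together with at least one policy in the second element means the deny rule is in the path of traffic for that zone pair.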