03/26/2020 7 People found this article helpful 455,435 Views
How to Block Freegate using App Control Advanced
Feature/Application:
Freegate is a web proxy that uses a proprietary, obfuscated/encrypted application layer protocol to thwart content filtering and application control by firewalls. In addition to Freegate specific signatures, blocking this application requires Signature ID 5 and 7 to be enabled.
This KB articles describes how to block Freegate traffic.
These are the signatures to be enabled for effectively blocking Freegate:
PROXY-ACCESS > Freegate signatures - Identify HTTPS handshake between Freegate client and servers.
PROXY-ACCESS > Encrypted Key Exchange -- UDP Random Encryption - SID 7 - blocks UDP tunnel traffic. Enabling this signature will not only block encrypted Freegate traffic over UDP but also block other encrypted UDP traffic like IPSec VPN traffic passing through the SonicWall.
Note: Before enabling this signature, exclude the outside or inside IP addresses of legitimate IPSec traffic.
PROXY-ACCESS > Encrypted Key Exchange -- TCP Random Encryption - SID 5 - blocks TCP tunnel traffic. Enabling this signature will not only block encrypted Freegate traffic over TCP but also block other encrypted TCP traffic passing through the SonicWall.
Note: Before enabling this signature, exclude the outside or inside IP addresses of such legitimate traffic.
Procedure:
Enabling Application Control Service on zones
Testing
From a host behind the SonicWall, launch the Freegate application and try to connect. The application will not be able to establish a tunnel.
Under SonicWall logs, log messages similar to the following will be generated: