Applications like Ultrasurf and Betternet that use tunneling, proxies, and other evasion techniques to get around filtering can be difficult to block. In most situations we recommend blocking these using Windows Group Policy, as discussed at the bottom of this page. NG Firewall can also block them through the use of Firewall Rules, Application Control, and SSL Inspection.
To block proxies and other evasion techniques, you must add an egress (outbound) firewall rule that blocks all outbound traffic and allows only the traffic that is required. Blocking all outbound ports stops the port-hopping activity of these applications.
- Go to Firewall > Settings
- Click Add to add a rule
- Enter a Description and set the Action Type to Block.
Application Control detects some versions of Ultrasurf and other evasion applications, and it also detects traffic on HTTP and HTTPS ports that is not using the HTTP or HTTPS protocol.
- Go to Application Control > Settings
- Under the Applications tab, select Tarpit for Ultrasurf and any other proxy applications you want blocked.
- Under the Rules tab, enable all options.
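The idea behind the Application Control check described above, that traffic on a web port must actually speak that port's protocol, sketched as an added Python example (not NG Firewall's own detection code). The function names, the byte-level heuristics and the sample payloads are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ", b"CONNECT ", b"TRACE ")

def looks_like_http(payload: bytes) -> bool:
    """True if the payload opens with an HTTP/1.x request line."""
    if not payload.startswith(HTTP_METHODS):
        return False
    line, sep, _ = payload.partition(b"\r\n")
    parts = line.split(b" ")
    return bool(sep) and len(parts) == 3 and parts[2] in (b"HTTP/1.0", b"HTTP/1.1")

def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the payload opens with a TLS handshake record holding a ClientHello."""
    if len(payload) < 6:
        return False
    rec_type, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (rec_type == 0x16               # record type: handshake
            and major == 3 and minor <= 4  # SSL 3.0 through TLS 1.3 record versions
            and 0 < length <= 16384        # maximum plaintext record length
            and payload[5] == 0x01)        # handshake type: ClientHello

def verdict(dst_port: int, payload: bytes) -> str:
    """'pass' if the first client bytes match the port's protocol, else 'block'."""
    if dst_port == 80:
        return "pass" if looks_like_http(payload) else "block"
    if dst_port == 443:
        return "pass" if looks_like_tls_client_hello(payload) else "block"
    return "skip"  # not a web port; left to the egress firewall rule

# Constructed sample payloads (first bytes sent by the client), not captures.
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "tls_hello": bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03]),
    "opaque_tunnel": bytes([0x8F, 0x12, 0xA0, 0x55, 0x00, 0x7C, 0xE1, 0x09]),
    "ssh_banner": b"SSH-2.0-OpenSSH_9.6\r\n",
}

if __name__ == "__main__":
    for port, name in [(80, "http_get"), (443, "tls_hello"), (443, "opaque_tunnel"),
                       (80, "ssh_banner"), (443, "http_get")]:
        print(f"port {port:<3} {name:<14} -> {verdict(port, SAMPLES[name])}")
```

A tunnel that wraps itself in a real TLS handshake passes this first-bytes check, which is the gap the SSL Inspector settings cover.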
SSL Inspector inspects all HTTPS connections so that evasion applications cannot tunnel through NG Firewall using HTTPS.
- Go to SSL Inspector > Settings
- Under the Configuration tab, enable Block Invalid Traffic.
- Under the Rules tab, enable Inspect All Traffic.
Blocking Evasion Applications with Windows Group Policy
This method of blocking Ultrasurf and similar applications is recommended because it is much more effective and manageable for most network environments. Blocking with Group Policy is accomplished by adding a Software Restriction Rule that blocks the hash and/or the certificate used by the offending software.
For more information on adding this using Group Policy, visit the Microsoft TechNet article: