https://community.cisco.com/t5/network-security/asa-5520-firewall-bypass-proxy-ultrasurf/m-p/2178192#M360927 <HTML><HEAD></HEAD><BODY><P>The one thing you may try to do is to block <EM>connection-establishment</EM> to the ultraserf servers from your clients' PCs. When connection is&nbsp; established, you can't do anything about it, cause it uses secure http.</P><P>Blocking connection establishment can be done well with cisco ISR&nbsp; using FPM framework. I personnaly did this thing for team-viewer. The&nbsp; key is to match specific field in packets, when client is trying to&nbsp; connect to the server. What to block you can find throug analyzing&nbsp; traffic using wireshark.</P><P>But ASA doesn't have an abiltity to block&nbsp; custom fields in the packet, when it's not related to a specific&nbsp; protocol, so i don't think ASA can do it.</P><P>Probably it's possible to block access to ultraserf servers using access-list with FQDN of the ultraserf -servers in destination part. But i'm not sure it'll work.</P></BODY></HTML> Mon, 04 Mar 2013 09:02:46 GMT Andrew Phirsov 2013-03-04T09:02:46Z https://community.cisco.com/t5/network-security/asa-5520-firewall-bypass-proxy-ultrasurf/m-p/2178191#M360924 <P>Hi,</P><P></P><P>I have ASA 5520 firewall with web filtering. I have lots of sites been blocked for security reason, like facebook, prone sites and so on... After blocking those sites i have found out that users being using proxy software i.e. ultrasurf and seen that this software bypass all blocked sites. I have tried blocking the sites with hard code but still this software bypass the blocked sites and user can access the blocked sites from their machine.</P><P></P><P>Is there any ways to overcome with this issue. I have seen in other organization using CHECKPOINT equipments which works really nice and this device blocks the sites completely and it blocks the proxy too.</P><P></P><P>I want to know, whether the ASA has a capability to block sites lilke CHECKPOINT.</P><P></P><P>I being a Network Administrator and have serious concern about the network securities loop holes. Therefore i want to know is there any other way out to solve this issue?</P><P></P><P></P><P>Thanks,</P><P></P><P>Regards,</P><P></P><P>TashiBDFCL</P> Tue, 12 Mar 2019 01:08:55 GMT https://community.cisco.com/t5/network-security/asa-5520-firewall-bypass-proxy-ultrasurf/m-p/2178191#M360924 Tashi BDFCL 2019-03-12T01:08:55Z https://community.cisco.com/t5/network-security/asa-5520-firewall-bypass-proxy-ultrasurf/m-p/2178192#M360927 <HTML><HEAD></HEAD><BODY><P>The one thing you may try to do is to block <EM>connection-establishment</EM> to the ultraserf servers from your clients' PCs. When connection is&nbsp; established, you can't do anything about it, cause it uses secure http.</P><P>Blocking connection establishment can be done well with cisco ISR&nbsp; using FPM framework. I personnaly did this thing for team-viewer. The&nbsp; key is to match specific field in packets, when client is trying to&nbsp; connect to the server. What to block you can find throug analyzing&nbsp; traffic using wireshark.</P><P>But ASA doesn't have an abiltity to block&nbsp; custom fields in the packet, when it's not related to a specific&nbsp; protocol, so i don't think ASA can do it.</P><P>Probably it's possible to block access to ultraserf servers using access-list with FQDN of the ultraserf -servers in destination part. But i'm not sure it'll work.</P></BODY></HTML> Mon, 04 Mar 2013 09:02:46 GMT https://community.cisco.com/t5/network-security/asa-5520-firewall-bypass-proxy-ultrasurf/m-p/2178192#M360927 Andrew Phirsov 2013-03-04T09:02:46Z