bypass FortiGuard firewall #34

Closed
scropion86 opened this issue Apr 4, 2021 · 9 comments

@scropion86

Hi,

I have tried every possible setting but am not able to bypass the FortiGuard firewall.
If anybody knows what the correct settings could be, please comment on this issue.

Thanks

@krlvm
Owner

krlvm commented Apr 4, 2021

If it is filtering by IP, you can only bypass it using an encrypted connection (VPN, TOR); otherwise, try enabling SNI modification.

@krlvm krlvm added the question Further information is requested label Apr 4, 2021
@scropion86
Author

I am not sure how it actually works, but even with most VPN clients used in this network the client can't establish the connection at all, neither from Windows nor from Android.

@Saya47

Saya47 commented Apr 5, 2021

Hello.
When I ping an IP address of a specific blocked website, I get "Request Timed Out".
But when I connect to a VPN or use TOR, I can ping the IP address successfully.
Does that mean my ISP has blocked that website by IP address and I can't bypass the censorship with PowerTunnel?
Thanks very much.

@scropion86
Author

The websites or servers which I was trying to access are allowed by the ISP and not blocked nationally,
but the network admin is blocking them, which I was not able to bypass with PowerTunnel.

For example:

image

And I can ping:

C:\Users\USERNAME>ping battle.net

Pinging battle.net [137.221.106.104] with 32 bytes of data:
Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
Reply from 137.221.106.104: bytes=32 time=197ms TTL=49

Ping statistics for 137.221.106.104:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 197ms, Maximum = 197ms, Average = 197ms

Also a trace of the domain:

C:\Users\USERNAME>tracert battle.net

Tracing route to battle.net [137.221.106.104]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2     2 ms     1 ms     1 ms  #############################
  3     *        *        *     Request timed out.
  4     1 ms     3 ms     2 ms #############################
  5     2 ms     1 ms     2 ms  #############################
  6     3 ms     4 ms     2 ms  #############################
  7     *        *        *     Request timed out.
  8     3 ms     2 ms     2 ms  #############################
  9     3 ms     3 ms     3 ms  #############################
 10    49 ms    64 ms    53 ms  #############################
 11     *        *        *     Request timed out.
 12   157 ms   154 ms   154 ms  blizzard-en.ear7.chicago2.level3.net [4.7.196.134]
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15   197 ms   197 ms   196 ms  et-0-0-0-pe04-swlv10.as57976.net [137.221.83.87]
 16   198 ms   197 ms   197 ms  las-swlv10-ia-bons-04.as57976.net [137.221.66.23]
 17   197 ms   196 ms   197 ms  137.221.105.15
 18   197 ms   196 ms   197 ms  137.221.106.104

Trace complete.

@krlvm
Owner

krlvm commented Apr 5, 2021

> Hello.
> When I ping an IP address of a specific blocked website, I get "Request Timed Out".
> But when I connect to a VPN or use TOR, I can ping the IP address successfully.
> Does that mean my ISP has blocked that website by IP address and I can't bypass the censorship with PowerTunnel?
> Thanks very much.

Yes, you need to use an encrypted connection because your ISP banned the resource by IP address, not by name (e.g. you can bypass a "github.com" ban, but not a "140.82.121.4" (GitHub IP) ban), because the URL resolves into an IP address and the ISP sees the real destination anyway.

@krlvm
Owner

krlvm commented Apr 5, 2021

> the websites or servers which i was trying to access is allowed by the ISP and not blocked nationally
> but the network admin is blocking it which i was not able to bypass with PowerTunnel
>
> for example
>
> image
>
> and i can ping
>
> C:\Users\USERNAME>ping battle.net
>
> Pinging battle.net [137.221.106.104] with 32 bytes of data:
> Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
> Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
> Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
> Reply from 137.221.106.104: bytes=32 time=197ms TTL=49
>
> Ping statistics for 137.221.106.104:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 197ms, Maximum = 197ms, Average = 197ms
>
> also trace the domain
>
> C:\Users\USERNAME>tracert battle.net
>
> Tracing route to battle.net [137.221.106.104]
> over a maximum of 30 hops:
>
>   1     *        *        *     Request timed out.
>   2     2 ms     1 ms     1 ms  #############################
>   3     *        *        *     Request timed out.
>   4     1 ms     3 ms     2 ms #############################
>   5     2 ms     1 ms     2 ms  #############################
>   6     3 ms     4 ms     2 ms  #############################
>   7     *        *        *     Request timed out.
>   8     3 ms     2 ms     2 ms  #############################
>   9     3 ms     3 ms     3 ms  #############################
>  10    49 ms    64 ms    53 ms  #############################
>  11     *        *        *     Request timed out.
>  12   157 ms   154 ms   154 ms  blizzard-en.ear7.chicago2.level3.net [4.7.196.134]
>  13     *        *        *     Request timed out.
>  14     *        *        *     Request timed out.
>  15   197 ms   197 ms   196 ms  et-0-0-0-pe04-swlv10.as57976.net [137.221.83.87]
>  16   198 ms   197 ms   197 ms  las-swlv10-ia-bons-04.as57976.net [137.221.66.23]
>  17   197 ms   196 ms   197 ms  137.221.105.15
>  18   197 ms   196 ms   197 ms  137.221.106.104
>
> Trace complete.

Google says FortiGuard uses DNS-based filtering, so you can try changing your DNS server either in the PowerTunnel settings or in your system settings, but it looks like it uses another filtering method (137.221.106.104 is indeed battle.net's IP). You can try increasing the fragment (chunk) size. You can also try enabling SNI modification, but make sure that you don't have any kind of FortiGuard certificates installed.

@scropion86
Author

I have tried all the suggested tricks, and even SNI, but the problem is that it is not blocking the website and showing an invalid certificate;
it just shows the FortiGuard blocking page.
It looks like it uses a DPI blocking mechanism.

@krlvm
Owner

krlvm commented Apr 12, 2021

> show as invalid certificate

I think you missed this step

@scropion86
Author

No, I have gone through all of this guide, but with no success.
