With a little effort (and some free tools) you should be able to defeat Fortiguard’s firewall and access all your favorite websites.
- Fortiguard is a firewall application designed to block dangerous or undesirable websites and protocols.
- Fortiguard uses DNS filtering to block websites
- You can circumvent Fortiguard by using encryption
- There are several tools you can try:
  - Virtual Private Network (VPN)
  - Encrypted proxy browser extension
  - HTTPS web proxy
What is Fortiguard?
Fortiguard is a popular firewall used by schools, universities and businesses to block ‘undesirable’ web traffic. It uses a proprietary blocklist which can be customized by the network administrator.
Commonly blocked sites:
- Malware / Phishing
- Torrent trackers
- Pirated Content
- Video / Streaming
- Social Media / Facebook / TikTok
You can actually search Fortiguard’s database of blocked sites.
How Fortiguard works
Fortiguard’s firewall combines both hardware and software elements. Its web filter is, in effect, DNS filtering.
How DNS Filtering works: Each time you send a request to a website or app, Fortiguard intercepts your DNS request (the lookup that translates the domain name into an IP address). It then checks the requested domain against the blocklist. If the site is blocked, it will block the DNS request and you won’t be able to reach the website.
Fortiguard also performs IP-address blocking, so you can’t get around the firewall by using the direct IP address of the website.
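The two checks described above (domain blocklist plus IP-address blocking), sketched as an added example. This is not Fortiguard's code; the blocklist entries, addresses and function names are constructed placeholders chosen for illustration.

```python
import ipaddress

# Constructed sample policy; names and addresses are placeholders.
BLOCKED_DOMAINS = {"social.example", "tracker.example.net"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def normalize(qname):
    """Lower-case the query name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()


def domain_blocked(qname):
    """Match the name or any parent domain, label by label.

    Comparing whole labels blocks "cdn.social.example" while leaving
    "notsocial.example" alone, which a plain substring or endswith()
    test would wrongly catch.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in BLOCKED_DOMAINS
               for i in range(len(labels)))


def ip_blocked(addr):
    """Second control: destination-address check for direct-IP requests."""
    ip = ipaddress.ip_address(addr)  # raises ValueError for non-IP input
    return any(ip in net for net in BLOCKED_NETWORKS)


def filter_request(host):
    """Return 'block' or 'allow' for a hostname or a literal IP address."""
    try:
        return "block" if ip_blocked(host) else "allow"
    except ValueError:
        # Not an IP literal, so treat it as a DNS name.
        return "block" if domain_blocked(host) else "allow"
```
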
Why filter sites?
Network administrators use Fortiguard for a variety of reasons. The logic may be slightly different for a business owner versus an elementary school.
In general, websites are blocked to:
- Prevent access to inappropriate content
- Avoid time-sucks like social media
- Save network bandwidth (block video)
- Enhance Security (block malware and dangerous sites)
There are several techniques you can use to access Fortiguard-filtered websites. Not all techniques will work on all networks, depending on the firewall settings.
1. Use Mobile Data
This is an obvious fix but it’s also the easiest. If the site is blocked via wifi, just use your mobile data. You can use your hotspot to give data access to other devices like your laptop or tablet.
This is a better option if you have unlimited data, or are willing to upgrade to a new plan.
2. Mirror Sites
Many of the most commonly-filtered websites have cloned mirror sites, which offer identical functionality but are hosted on a different IP address and domain name. Streaming and torrent sites often have mirrors, so do book repositories like Sci-hub and Libgen.
It may take some trial and error, but you can often find a mirror that isn’t blocked by the web filter.
3. Web Proxies
There are dozens of so-called web proxy sites that exist for the sole purpose of circumventing firewall restrictions. You can type any website into the search bar and it’ll fetch it through an iframe from their servers.
I’d be wary of entering any sensitive information over a web proxy, including passwords or credit card information.
Pro: It’s easy and free
Con: Most of the popular web proxy sites are blocked by Fortiguard. Speeds are slow.
4. Virtual Private Network (VPN)
A VPN is usually the most effective method as long as the firewall doesn’t also try to block VPNs (there are workarounds).
How it works: When using the VPN app on your smartphone or PC, you will wrap all your web traffic in a layer of unbreakable encryption, forwarded to a remote server. Fortigate can’t intercept your DNS requests and can’t filter your traffic.
You literally just have to click ‘connect’ and the VPN software does the rest.
How to use a VPN to bypass Fortiguard
In order to circumvent the firewall with a VPN, you’ll need a VPN subscription. By and large, VPNs are paid services with fast speeds and high-end security.
If you just want to try a VPN out for free to see if this technique works on your network, these are a few options.
Free VPNs & Free Trials:
- Windscribe – Free up to 5GB/month
- Hide.me – Free up to 10GB/month
- Private Internet Access – 30 day riskless trial (payment required)
- NordVPN – 45 day riskless trial (payment required)
Bypassing the restrictions
On your device, log onto the wifi network. Then activate the VPN by choosing a server location and clicking ‘connect’.
It’s literally that simple. 100% of your data will be routed through the remote VPN server, and heavily encrypted. Fortiguard won’t be able to filter your DNS requests or even see what sites you’re visiting.
Troubleshooting & Plugging leaks
Most VPN software is secure out of the box, but in order to maximize the VPN’s effectiveness there are a couple of things you should do.
Turn on DNS Leak Protection: Many VPNs enable this automatically, but check your settings menu and turn this on if available. It ensures that DNS requests are performed inside the VPN tunnel (and invisible to Fortiguard).
Enable the kill-switch: Occasionally the VPN will disconnect, and we don’t want our disguised traffic to hit the firewall. Turn on your software’s kill-switch to make sure your internet activity stops when the VPN does.
What if the firewall blocks VPN traffic?
Aggressive firewall policies often target VPN traffic, especially if there’s no good use-case for one on the network (like at school).
Usually VPN traffic can be easily identified by the protocol headers on each data packet sent by the VPN.
Solution: use ‘stealth’ VPN protocols
Many VPN services have developed obfuscated VPN protocols, which are capable of circumventing even powerful firewalls (like China’s Great Firewall).
When you enable stealth mode, it will disguise your VPN traffic as regular SSL/HTTPS web traffic.
Using a VPN browser extension
Another option besides dedicated VPN software is to use a VPN or proxy browser extension in Firefox or Chrome.
- Perfect for web traffic
- Less likely to be blocked by the web filter
- Can be used on other OSes like ChromeOS
- Only works for sites accessible via web browser
VPNs with browser extensions:
Just because you can get around a firewall doesn’t mean you should. Here are a couple things to think about before giving it a shot.
- Terms & Conditions: Did you have to accept a TOS in order to get internet access on this network? If so, evading network restrictions often is a violation of the contract. Often there’s no legal consequence for violating a TOS, but it depends on your local laws.
- School/Office Rules: If your network has a firewall, there is probably an understood rule against accessing certain websites. You could face disciplinary action if you try to outwit the rule-makers.
Sometimes it’s best to just use your mobile data, especially if you’re on an unlimited plan. Otherwise you can always just wait to check Facebook until you’re back home, right?
There are some free workarounds to bypass restrictions on Fortinet firewalls, but these methods are often more trouble than they’re worth.
The best tool is almost always a VPN or encrypted browser extension, which will securely tunnel your traffic through the firewall.
If your VPN is blocked, try using stealth.