forticlient webfilter bypass

 
tldr;
So this new gig I have has a bunch of clients with the forigate/net product line and I installed the forticlient…I wanted to do quick/simple VPN to work on our customers’ networks. Upon installing I realized I was blocked from certain websites… I was sitting in my car outside the datacenter on the 4g hotspot… ALAS! the vpn client installs a webfilter and defaults rules…with configuration that I cannot change!!!

Found the service and was unable to disable/stop… tried with process explorer and process hacker (google that ish). That didn’t work and something in the background kept starting the software suite. Thought I would be clever and run cmd.exe as the system service via pstools to stop the service(psexec -i -s cmd.exe…sc stop etc.)…. access denied.

 

Then I realized it’s windows and I WILL HAVE TO REBOOT and change all that crap. ugh… gotta open the 5 million tabs in chrome and get my music right…

 
tldr;

  1. Find out what sys file the filter is using (searched in process explorer and found Fortiwf2.sys)
  2. Reboot into safe mode, set the software service to manual and rename Fortiwf2.sys to Fortiwf2.old
  3. Start normally and when I want to vpn , start the service

Leave a Reply

Your email address will not be published. Required fields are marked *