I believe you have already opened a case but incase you have not i would recommend opening a case with support with the following information
1. Application version of Ultrasurf
2. pcap of the traffic from the client side
3. traffic logs during your testing
4. techsupport file
Hope this helps.
It seems ultrasurf has updated it's proxy network. based from the current version 13.04, PAN detects Ultrasurf and denies it. however it passes thru for some weird reasons and now the software calls for HE.NET which resides in the USA. i have responded to an older query regarding Ultrasurf but during that time, the software calls / connect to Taiwan (HINET) which i stated to block the whole country to prevent ultrasurf from connecting. What you can do for now is to double check your filters and make sure ultrasurf and unknown-tcp are on your app block-list. This may not be full proof but it can slow "ultrasurf" to a crawl (for the mean time). which i'm doing right now. Let's hope PAN team can resolve this quickly.
My suggestion for all evasive apps like Ulrtrasurf, Tor, etc. is to open a support case when you find failure to block reliably. These apps are constantly evolving to try and evade control (evasive!). Once you have a support case open upload packet captures of the evasive traffic )capture it locally in your network) to the case. In many cases we find interesting regional differences in the application's evasion tactics. Having packet captures from your particular location is almost always a great help in determining what the app developer has added to the mix to try to fly under the radar.
try the following for TOR:
1- Enable SSl decryption if you don't want create a policy with SSL as application and in the url profile block the unknown sites.
2-second policy to block TOR by deny application
3-block the unknown App also
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!