Blocking Tor traffic

In this recipe, you will block users on your network who use the Tor browser from accessing the Internet.

The Tor network allows users to browse the Internet anonymously by bouncing traffic around a distributed network of relays located around the world. Observers are unable to determine the source and destination of Tor traffic since it doesn’t take a direct route from source to destination.

This recipe uses the default Application Control signatures for the Tor client and web-based Tor. These signatures only match unmodified versions of the Tor application.

1. Enabling Application Control

Go to System > Feature Select to ensure that Application Control is enabled.

2. Blocking Tor traffic in Application Control using the default profile

Go to Security Profiles > Application Control to edit the default profile.

Under Application Overrides, select Add Signatures.

Filter by Category: Tor and Proxy: Name to search for Tor.

Two signatures will appear: one for the web-based Tor usage and one for the Tor client.

Highlight both signatures and click Use Selected Signatures.

Both signatures now appear in the Application Overrides list, with the Action set to Block.

3. Adding application control to your security policy

Go to Policy & Objects > IPv4 Policy to edit the policy that allows connections from the internal network to the Internet.

Set Source to all.

Under the Security Profiles heading, enable Application Control and use the default profile. Enable SSH Inspection and use deep-inspection. Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.

4. Results

Browse the Internet using the Tor browser. The Tor browser will be blocked.

Go to Log & Report > Application Control. You will see that Tor traffic has been blocked.
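To check the same result from exported logs instead of the GUI, the added example below (not part of the original recipe and not Fortinet's code) counts blocked Tor hits per source IP and lists any Tor-matched sessions that were not blocked. The log lines are constructed, and the key=value field names (`subtype`, `app`, `action`, `srcip`) and the application names are assumptions about the export format.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real device), in key=value log style.
# Field names and application names are assumptions; adjust to your export.
SAMPLE_LOG = '''\
date=2016-05-02 time=09:14:07 type=utm subtype=app-ctrl srcip=192.168.1.23 dstip=203.0.113.10 dstport=9001 appcat="Proxy" app="Tor" action=block msg="Proxy: Tor,"
date=2016-05-02 time=09:14:09 type=utm subtype=app-ctrl srcip=192.168.1.23 dstip=203.0.113.44 dstport=443 appcat="Proxy" app="Tor" action=block msg="Proxy: Tor,"
date=2016-05-02 time=09:20:31 type=utm subtype=app-ctrl srcip=192.168.1.40 dstip=198.51.100.7 dstport=443 appcat="Web.Client" app="HTTPS.BROWSER" action=pass msg="Web.Client: HTTPS.BROWSER,"
date=2016-05-02 time=09:31:55 type=utm subtype=app-ctrl srcip=192.168.1.77 dstip=203.0.113.90 dstport=443 appcat="Proxy" app="Tor.Web.Proxy" action=pass msg="Proxy: Tor.Web.Proxy,"
'''

# A value is either "quoted, possibly with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumed naming: "Tor" or "Tor.<something>". A full match avoids
# catching unrelated applications that merely contain the letters "tor".
TOR_APP_RE = re.compile(r'Tor(\..+)?')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping outer quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def summarize_tor(log_text):
    """Return (blocked hits per source IP, Tor records that were not blocked)."""
    blocked = Counter()
    not_blocked = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "app-ctrl":
            continue
        if not TOR_APP_RE.fullmatch(rec.get("app", "")):
            continue
        if rec.get("action") == "block":
            blocked[rec.get("srcip", "unknown")] += 1
        else:
            # Tor was identified but allowed: the matching policy is
            # missing the override or uses a different profile.
            not_blocked.append(rec)
    return blocked, not_blocked


if __name__ == "__main__":
    blocked, gaps = summarize_tor(SAMPLE_LOG)
    for ip, hits in blocked.most_common():
        print(f"blocked  {ip}  hits={hits}")
    for rec in gaps:
        print(f"NOT BLOCKED  {rec.get('srcip')} -> {rec.get('dstip')}  app={rec.get('app')}")
```

Because the default signatures only match unmodified versions of Tor, an empty result shows that nothing matched, not that no Tor traffic exists.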

For further reading, check out Application Control in the FortiOS 5.4 Handbook.
