Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 37 subscribers
  • Views 1313 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why doesn't TOR Browser/proxy appear in logviewer

rfcat_vk

Hi folks,

I have been updating my firewalls and testing them. Tor browser appears in the XG GUI Reports display but I am not able to find it in the logviewer.

I am trying to identify which rule it is using to bypass restrictions. I have been able to identify which rules it uses in the past, but not anymore.

Thoughts and suggestions please.

Ian



This thread was automatically locked due to age.
Parents
  • 0

    Hi folks,

    the previous question in this thread was apparently to difficult.Today, I dibbled most of my firewall rules and then restored them until TOR was able to connect. Still nothing in the logs. But, I did find which firewall rule was allowing the TOR browser through, still nothing in logviewer showing a connection. I found that TOR would attempt to connect through port 443 on my decrypt and scan firewall rule when all other rules blocked it. Now when TOR uses port 443 the failing addresses show in the logviewer displays but if it uses a different port then nothing appears in logviewer.

    I have since tightened a couple of rules that even though they had specific ports only allowed TOR still connected.

    When using port 443 logviewer indicates the connection was successful, though TOR does not connect.

    My findings for those that might be interested.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hello Rfcat,

    You might already know these suggestions for v18 and TOR

    1. SSL/TLS should be enabled and one decryption rule should be created based on Firewall rules
    2. Block invalid certificates, must be enabled in the XG
    3. In your firewall rule for user's computer, you should only allow HTTPS, HTTP, preferably the XG will be the DNS resolver

    Regards,

     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • 0 in reply to emmosophos

    Hi Emmosophos,

    thank you, I have most of those suggestions in place except for one rule that needed no checking. I have since worked out a way to check the application using that rule without causing connection failures.

    the issue still stands, XG shows the connection is successful when using port 443, when using other ports there is nothing logged.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0 in reply to emmosophos

    Hi Emmosophos,

    thank you, I have most of those suggestions in place except for one rule that needed no checking. I have since worked out a way to check the application using that rule without causing connection failures.

    the issue still stands, XG shows the connection is successful when using port 443, when using other ports there is nothing logged.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
Unfiltered HTML