If I have already installed Tor browser y my PC with all administative permissions (or any one else in the company LAN) how can i block in the XG Firewall in order to no one use it??
I already try using block proxy in App Control (deny all) .. but may be i miss something (The basic App gropup include all the proxys sites including Tor Proxy and Tor2 web proxy)
I try to follow the settings as you recommend ...
I change the parameters recommended indicated (as the pictures below my XG Firewall)
show advanced-firewallshow ips-settings
Hi Atilio Servian,
Thank you for reaching out to the Community!
Check out the steps outlined in the following document to block Tor Proxy(Tor Browser).
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Please Notice there are some diferences with other parameters but no with the recomended to change ....
I also create one Firewall Rule for one particular VLAN (test one) including a App control Policy to block what was recommended
The App control Policy include and P2P and Proxy and Tunnel category
including others two categories for P2P and Proxy and Tunnels ..... (no showed in the image above but included)
This App control Policy was included in the same Firewall rule for the VLAN in test... No other Rule included..... No web policy and No IPS policy included (just what was show in IPS command settings
Tor still running ...
Do i miss Something ??
If some other parameters must be changed or include... please indicate the commands to do it ....
Thanks in advance
Hi Atilio Servian
What is the firmware version on your firewall? If it’s 17.5, you need to turn on HTTPS scanning, and for V18, SSL/TLS inspection turned on; check out the provided document for more info. Also, run a packet capture on the source IP address to ensure that traffic is hitting the correct firewall rule.
from experience you will need full decrypt and scan along CA installation and use the web proxy because SSL/TLS in this version does not scan UDP traffic which TOR will use if it finds TCP blocked.
You will also need to change from any service to http/s otherwise checking will fail.
I have inspect all content enabled rather than just untrusted content.
Also what are your DOS settings/parameters as shown in the IPS tab?