Tor Browser how to block

If I have already installed  Tor browser y my PC with all administative permissions  (or any one else in the company LAN) how can i block  in the XG Firewall  in order to no one use it??

I already try using block proxy in App Control (deny all)  .. but may be  i miss something (The basic App gropup include all the proxys sites including Tor Proxy and  Tor2  web proxy)



Added TAGs
[edited by: emmosophos at 11:25 PM (GMT -8) on 24 Feb 2021]
Parents
  • Hi ,

    Thank you for reaching out to the Community! 

    Check out the steps outlined in the following document to block Tor Proxy(Tor Browser).

    Thanks,

     

     
    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • Dear  H_Patel.

    I try to follow the settings as you recommend ... 

    I change the parameters recommended  indicated (as the pictures below my XG Firewall)

    show advanced-firewall
    show ips-settings

    Please  Notice there are some diferences  with other  parameters but no with the recomended to change ....

    I also create one Firewall Rule for one particular VLAN (test one)  including a  App control  Policy to block what was recommended  

    The App control Policy include and P2P and Proxy and Tunnel category

    • DNS Multiple QNAME
    • OpenVPN
    • QUIC
    • Non-SSL/TLS traffic on port 443

    including others two categories  for  P2P   and  Proxy and Tunnels ..... (no showed in the image above but included)

    This App control Policy  was included in the same Firewall rule for the VLAN in test...    No other Rule included..... No web policy and  No IPS policy included (just what was show in IPS command settings

    Tor still running ... 

    Do i miss Something ??

    If some other parameters must be changed or include... please indicate the commands to do it ....

    Thanks in advance

Reply
  • Dear  H_Patel.

    I try to follow the settings as you recommend ... 

    I change the parameters recommended  indicated (as the pictures below my XG Firewall)

    show advanced-firewall
    show ips-settings

    Please  Notice there are some diferences  with other  parameters but no with the recomended to change ....

    I also create one Firewall Rule for one particular VLAN (test one)  including a  App control  Policy to block what was recommended  

    The App control Policy include and P2P and Proxy and Tunnel category

    • DNS Multiple QNAME
    • OpenVPN
    • QUIC
    • Non-SSL/TLS traffic on port 443

    including others two categories  for  P2P   and  Proxy and Tunnels ..... (no showed in the image above but included)

    This App control Policy  was included in the same Firewall rule for the VLAN in test...    No other Rule included..... No web policy and  No IPS policy included (just what was show in IPS command settings

    Tor still running ... 

    Do i miss Something ??

    If some other parameters must be changed or include... please indicate the commands to do it ....

    Thanks in advance

Children
  • Hi

    What is the firmware version on your firewall? If it’s 17.5, you need to turn on HTTPS scanning, and for V18, SSL/TLS inspection turned on; check out the provided document for more info. Also, run a packet capture on the source IP address to ensure that traffic is hitting the correct firewall rule. 

    Thanks, 

     

     
    Harsh Patel (H_Patel)

    Community Support Engineer | Sophos Technical Support
    Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' button.

  • Hi,

    from experience you will need full decrypt and scan along CA installation and use the web proxy because SSL/TLS in this version does not scan UDP traffic which TOR will use if it finds TCP blocked.

    You will also need to change from any service to http/s otherwise checking will fail.

    I have inspect all content enabled rather than just untrusted content.

    Ian

    Also what are your DOS settings/parameters as shown in the IPS tab?

     
    V18.0.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    3 AP55s and 2 APX120s having a holiday until software update is released.
    If a post solves your question use the 'This helped me' link.


    added question about DOS settings/parameters
    [edited by: rfcat_vk at 10:06 PM (GMT -8) on 26 Feb 2021]