https://community.sophos.com/sophos-xg-firewall/f/discussions/126224/tor-browser-how-to-blockIf I have already installed Tor browser y my PC with all administative permissions (or any one else in the company LAN) how can i block in the XG Firewall in order to no one use it?? I already try using block proxy in App Control (deny all) .. but mayen-USTelligent Community 12https://community.sophos.com/thread/462156?ContentTypeID=1Fri, 26 Feb 2021 21:48:00 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:78a136c4-b879-484a-aa79-695c2172bf32rfcat_vk<p>Hi,</p> <p>from experience you will need full decrypt and scan along CA installation and use the web proxy because SSL/TLS in this version does not scan UDP traffic which TOR will use if it finds TCP blocked.</p> <p>You will also need to change from any service to http/s otherwise checking will fail.</p> <p>I have inspect all content enabled rather than just untrusted content.</p> <p>Ian</p> <p>Also what are your DOS settings/parameters as shown in the IPS tab?</p><div style="clear:both;"></div>https://community.sophos.com/thread/462109?ContentTypeID=1Fri, 26 Feb 2021 14:14:34 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:14ac747d-ec65-4b71-9d85-9883c64a289eFormerMember<p>Hi <a href="/members/atilio-servian">Atilio Servian</a></p> <p>What is the firmware version on your firewall? If it&rsquo;s 17.5, you need to turn on HTTPS scanning, and for V18, SSL/TLS inspection turned on; check out the provided document for more info. Also, run a packet capture on the source IP address to ensure that traffic is hitting the correct firewall rule.&nbsp;</p> <ul> <li><a href="https://support.sophos.com/support/s/article/KB-000035761?language=en_US" rel="noopener noreferrer" target="_blank">Monitor traffic using Packet Capture Utility in the Sophos XG Firewall GUI</a></li> </ul> <p>Thanks,&nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/462107?ContentTypeID=1Fri, 26 Feb 2021 14:02:08 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:e69ca17a-bf68-4559-b97a-9a879d63d322Atilio Servian<p>Dear&nbsp; H_Patel.</p> <p>I try to follow the settings as you recommend ...&nbsp;</p> <p>I change the parameters recommended&nbsp; indicated (as the pictures below my XG Firewall)</p> <p><span style="color:#000000;"><code>show advanced-firewall<br />show ips-settings</code></span></p> <p><span style="color:#000000;"><code><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/126/pastedimage1614345590415v3.png" alt=" " /></code></span></p> <p><span style="color:#000000;"><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/126/pastedimage1614345524418v2.png" alt=" " /><code></code></span></p> <p><span style="color:#000000;"><code></code></span></p> <p><span style="color:#000000;"><code></code>Please&nbsp; Notice there are some diferences&nbsp; with other&nbsp; parameters but no with the recomended to change .... </span></p> <p><span style="color:#000000;">I also create one Firewall Rule for one particular VLAN (test one)&nbsp; including a&nbsp; App control&nbsp; Policy to block what was recommended &nbsp; </span></p> <p><span style="color:#000000;"><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/126/pastedimage1614346066883v5.png" alt=" " /></span></p> <p><span style="color:#000000;">The App control Policy include and <strong>P2P&nbsp;</strong>and&nbsp;<strong>Proxy and Tunnel</strong>&nbsp;category</span></p> <ul> <li><span style="color:#000000;">DNS Multiple QNAME</span></li> <li><span style="color:#000000;">OpenVPN</span></li> <li><span style="color:#000000;">QUIC</span></li> <li><span style="color:#000000;">Non-SSL/TLS traffic on port 443</span></li> </ul> <p><span style="color:#000000;"><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/126/pastedimage1614345801393v4.png" alt=" " /></span></p> <p><span style="color:#000000;">including others two categories&nbsp; for&nbsp; P2P&nbsp;&nbsp; and&nbsp; Proxy and Tunnels ..... (no showed in the image above but included)</span></p> <p><span style="color:#000000;">This App control Policy&nbsp; was included in the same Firewall rule for the VLAN in test...&nbsp;&nbsp;&nbsp; No other Rule included..... No web policy and&nbsp; No IPS policy included (just what was show in IPS command settings </span></p> <p><span style="color:#000000;">Tor still running ...&nbsp; </span></p> <p><span style="color:#000000;">Do i miss Something ??</span></p> <p><span style="color:#000000;">If some other parameters must be changed or include... please indicate the commands to do it .... </span></p> <p><span style="color:#000000;">Thanks in advance </span></p> <p><span style="color:#000000;"></span></p> <p><span style="color:#000000;"></span></p><div style="clear:both;"></div>https://community.sophos.com/thread/461902?ContentTypeID=1Wed, 24 Feb 2021 15:18:09 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:024f0eef-c8f5-4583-9d2a-176ad5274d9cFormerMember<p>Hi <a href="/members/atilio-servian">Atilio Servian</a>,</p> <p>Thank you for reaching out to the Community!&nbsp;</p> <p>Check out the steps outlined in the following document to block Tor Proxy(Tor Browser).</p> <ul> <li><a href="/xg-firewall/f/recommended-reads/119051/sophos-xg-firewall-cyberoam-application-filter-recommended-settings-for-better-application-detection" rel="noopener noreferrer" target="_blank">Sophos XG Firewall / Cyberoam: Application filter recommended settings for better application detection</a></li> </ul> <p>Thanks,</p><div style="clear:both;"></div>