- Products
- Learn
- Local User Groups
- Partners
- More
On-Premise SD-WAN Management
Register HereWhat's New in R82.10?
Watch Here AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
The Moment Before
Hello,
does oneone have a solution for blocking tor traffic completely on R80.40 gateways?
I have followed the steps decribed in sk103154 "How to block traffic coming from known malicious IP addresses" but I am still able to connect to the TOR network by using the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)" feature of the TOR browser.
Thank you
regards
Stefan
I recommend engaging with the TAC on this.
That said, it's possible this mechanism might also block legitimate uses of Azure, which is possibly why this is still allowed.
You need HTTPS Inspection to fully block TOR
what should the HTTPS inspection rule look like that you have in mind? Thank you
It was matched by the catch-all rule, the rulebase in my lab (and also productive enviroment) is structered so that bypass rules come first, the rest is matched by a catch-all rule.
Im not positive thats actually true...why would you need https inspection to block tor traffic?
Since the traffic is encrypted and the AppControl pattern doesn't match if I choose the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)"-option. At least in my lab enviroment, R81 gw and sms.
If i activate https inspection the tor browser won't connect anymore and a bypass is impossible.
The directions in that article describe how to block traffic coming from people who use TOR into your environment. It wouldn't have any effect at all on traffic from your users out.
To block traffic from your environment out to TOR, you will need HTTPS inspection and a rule blocking or rejecting the "Tor" (and probably "Invisible Browsing", "Tails", and "Tor2Web") application/site object.
Hello Bob,
I did all that now but I am still able to connect to the TOR network by using the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)" feature of the TOR browser.
And that traffic may not look like Tor traffic.
Recommend a TAC case here.
Not sure if this makes sense, but if you have app control enabled, can you try add that application to be blocked?
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 70 | |
| 23 | |
| 7 | |
| 5 | |
| 4 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 |
Fri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY