Stefan_Schmidt
Participant

Block Tor traffic completely on R80.40 gateways

Hello,

Does anyone have a solution for blocking tor traffic completely on R80.40 gateways?

I have followed the steps described in sk103154 "How to block traffic coming from known malicious IP addresses" but I am still able to connect to the TOR network by using the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)" feature of the TOR browser.

Thank you

regards

Stefan

0 Kudos
10 Replies
PhoneBoy
Admin

I recommend engaging with the TAC on this.
That said, it's possible this mechanism might also block legitimate uses of Azure, which is possibly why this is still allowed.

0 Kudos
Benedikt_Weissl
Advisor

You need HTTPS Inspection to fully block TOR

0 Kudos
Stefan_Schmidt
Participant

What should the HTTPS inspection rule look like that you have in mind? Thank you

0 Kudos
Benedikt_Weissl
Advisor

It was matched by the catch-all rule. The rulebase in my lab (and also productive environment) is structured so that bypass rules come first; the rest is matched by a catch-all rule.

0 Kudos
the_rock
Mentor

I'm not positive that's actually true... why would you need HTTPS inspection to block Tor traffic?

0 Kudos
Benedikt_Weissl
Advisor

Since the traffic is encrypted and the AppControl pattern doesn't match if I choose the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)"-option. At least in my lab environment, R81 gw and sms.

If I activate HTTPS inspection, the Tor browser won't connect anymore and a bypass is impossible.

0 Kudos
Bob_Zimmerman
Advisor

The directions in that article describe how to block traffic coming from people who use TOR into your environment. It wouldn't have any effect at all on traffic from your users out.

To block traffic from your environment out to TOR, you will need HTTPS inspection and a rule blocking or rejecting the "Tor" (and probably "Invisible Browsing", "Tails", and "Tor2Web") application/site object.

0 Kudos
Stefan_Schmidt
Participant

Hello Bob,

I did all that now but I am still able to connect to the TOR network by using the "Tor is censored in my country - select a built in bridge: meek-azure (works in China)" feature of the TOR browser.

0 Kudos
PhoneBoy
Admin

And that traffic may not look like Tor traffic.
Recommend a TAC case here.

0 Kudos
the_rock
Mentor

Not sure if this makes sense, but if you have app control enabled, can you try adding that application to be blocked?

0 Kudos