should block tor traffics on fortigate as best practice for enterprise ?

Forum|Forum|10 months ago
August 7, 2025
4 replies
1095 views

hi, can someone pls advise whether we should block tor traffics (tor onion) on internet router as best practice for an enterprise? thanks in advance!

Best answer by VinayHM

Blocking Tor traffic (including Tor onion services) on your enterprise internet router is generally considered a best practice from a security perspective.
Tor can be exploited by malicious actors to anonymize malicious activities, exfiltrate data, or access illicit content, which can pose significant security and compliance risks.

funkylicious

SuperUser

you mean Tor traffic?

it depends on your company policy, but i think most companies block it.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-Tor-connections/ta-p/316401

"jack of all trades, master of none"

kaman

Staff

Hi WQ,

You can also follow the document below on how to block TOR traffic from the WAN to the LAN, by using the ISDB object. This ISDB object contains a list of all TOR exit nodes currently known and is updated by FortiGuard.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-traffic-coming-from-TOR-exit-nodes/ta-p/190958

Regards!

VinayHMAnswer

Blocking Tor traffic (including Tor onion services) on your enterprise internet router is generally considered a best practice from a security perspective.
Tor can be exploited by malicious actors to anonymize malicious activities, exfiltrate data, or access illicit content, which can pose significant security and compliance risks.

WQTpicapAuthor

New Member

thanks @VinayHM @kaman @funkylicious for your advices!

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded