Description

Users are using Tor (The Onion Router) to get around firewall policies. This article describes how to prevent this.
  • FortiGate units running FortiOS 3.0.
Steps or Commands

To prevent the use of Tor on your network, create a custom IPS signature that catches this traffic.

To add a custom IPS signature:

  1. Go to Intrusion Protection > Signature > Custom.
  2. Select Create New.
  3. Enter a name for the signature and use the following as the signature text:

    F-SBID( --name "TOR.Web.Proxy.TLSv1.Detection"; --protocol tcp; --flow from_client; --seq <,3000,relative; --pattern "|16 03 01|"; --within 3,packet; --pattern "|0b|"; --distance 2; --within 1; --pattern "|3c|identity|3e|0"; --no_case; --distance 15; --within 300; --pattern "Tor"; --no_case; --distance -100; --within 100; )

  4. Select OK.

Add the IPS signature to a protection profile and apply that protection profile to the outbound firewall policy that carries the users' traffic.
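To see what the signature above actually keys on, the following Python script is an added example (not Fortinet code and not part of the original article) that re-implements its pattern chain and runs it over constructed byte strings. It reads the signature as: a TLS handshake record header |16 03 01| at the very start of the packet, a handshake type byte of 0x0b (Certificate) immediately after the two record-length bytes, the string "<identity>0" somewhere in the next 300 bytes, and the string "Tor" within the 100 bytes preceding that match. The distance/within semantics are assumed to follow the Snort-style rules that FortiOS custom signatures borrow (distance moves the search cursor from the end of the previous match, within caps the window length, and a window that would run before the start of the payload is clamped to offset 0); the sample payloads are constructed for the demonstration and are not real Tor captures.

```python
"""Toy matcher for the F-SBID pattern chain shown in the article.

Assumption: Snort-style semantics for --distance / --within, which is what
FortiOS custom signatures are modelled on. The sample payloads below are
constructed by hand; none of them is a real Tor handshake.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Step:
    pattern: bytes
    distance: int = 0                # offset from end of previous match (negative = look back)
    within: Optional[int] = None     # maximum length of the search window, None = to end of payload
    no_case: bool = False
    from_packet_start: bool = False  # "--within N,packet": window starts at offset 0


# The four --pattern clauses of TOR.Web.Proxy.TLSv1.Detection, in order.
TOR_SIGNATURE: List[Step] = [
    Step(b"\x16\x03\x01", within=3, from_packet_start=True),      # TLS handshake record, version 3.1
    Step(b"\x0b", distance=2, within=1),                          # skip 2 length bytes; type 0x0b = Certificate
    Step(b"<identity>0", distance=15, within=300, no_case=True),  # identity marker in the certificate
    Step(b"Tor", distance=-100, within=100, no_case=True),        # "Tor" in the 100 bytes before it
]


def match_signature(payload: bytes, steps: List[Step]) -> bool:
    """Return True if every step matches in sequence, False at the first miss."""
    cursor = 0
    for step in steps:
        start = 0 if step.from_packet_start else cursor + step.distance
        start = max(start, 0)  # assumption: a look-back past offset 0 is clamped
        end = len(payload) if step.within is None else min(len(payload), start + step.within)
        window = payload[start:end]
        needle = step.pattern
        idx = window.lower().find(needle.lower()) if step.no_case else window.find(needle)
        if idx < 0:
            return False
        cursor = start + idx + len(needle)  # next step is measured from the end of this match
    return True


def _record(handshake_type: bytes, body: bytes) -> bytes:
    """Wrap a handshake body in a TLS 1.0 record header (constructed helper)."""
    payload = handshake_type + body
    return b"\x16\x03\x01" + len(payload).to_bytes(2, "big") + payload


# Constructed payloads.
# 1) Certificate message with "Tor" 33 bytes before "<identity>0": matches every step.
SAMPLE_TOR_LIKE = _record(b"\x0b", b"\x00" * 120 + b"Tor" + b"\x00" * 30 + b"<identity>0")
# 2) Ordinary ClientHello (handshake type 0x01): fails at the second step.
SAMPLE_CLIENT_HELLO = _record(b"\x01", b"\x00" * 60 + b"example.org")
# 3) Certificate with the identity marker but "Tor" more than 100 bytes before it:
#    fails at the look-back step, showing why the last clause narrows the rule.
SAMPLE_FAR_TOR = _record(b"\x0b", b"Tor" + b"\x00" * 150 + b"<identity>0")


def classify(payload: bytes) -> str:
    return "TOR.Web.Proxy.TLSv1.Detection" if match_signature(payload, TOR_SIGNATURE) else "no match"


if __name__ == "__main__":
    for name, sample in [("tor-like", SAMPLE_TOR_LIKE),
                         ("client-hello", SAMPLE_CLIENT_HELLO),
                         ("far-tor", SAMPLE_FAR_TOR)]:
        print(f"{name:12s} -> {classify(sample)}")
```

Running it shows only the first constructed payload triggering the signature; the ClientHello is rejected at the handshake-type byte and the third sample at the 100-byte look-back. This is a useful check before deploying the signature, since any TLS 1.0 session whose client sends a Certificate message carrying both strings in that arrangement would be blocked, not only Tor.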