FortiGate
sselvam
Staff
Article Id 196239
Description
This article describes how to block users on the network who use the Tor browser from accessing the Internet.

Solution



The Tor network allows users to browse the Internet anonymously by bouncing traffic around a distributed network of relays located around the world.
Observers are unable to determine the source and destination of Tor traffic since it does not take a direct route from source to destination.
This document uses the default application control signatures for the Tor client and web-based Tor.
These signatures only match unmodified versions of the Tor application.

1) Enabling Application Control.

Go to System -> Feature Select to ensure that 'Application Control' is enabled.




2) Blocking Tor traffic in 'Application Control' using the default profile.

Go to Security Profiles -> Application Control to edit the default profile.
Under 'Application Overrides', select 'Add Signatures'.




Filter by category: Tor and Proxy: Name to search for Tor.




Two signatures will appear: one for the web-based Tor usage and one for the Tor client.
Highlight both signatures and select 'Use Selected Signatures'.
Both signatures now appear in the 'Application Overrides' list, with the 'Action' set to 'Block'.



3) Adding application control to the security policy.

Go to Policy & Objects -> IPv4 Policy to edit the policy that allows connections from the internal network to the Internet.
Set Source to 'all'.




Under the Security Profiles heading, enable 'Application Control' and use the default profile.
Enable SSL/SSH Inspection and use 'deep-inspection'.
Using the 'deep-inspection' profile causes certificate errors.
See Preventing certificate warnings for more information.

Results.
Browse the Internet using the Tor browser.
The Tor browser will be blocked.





Go to Log & Report -> Application Control.
Tor traffic has been blocked.
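
The same check can be run over exported Application Control logs instead of the GUI. The script below is an added example, not part of the original article: it counts Tor events per internal source and lists sources with a Tor event that was not blocked, which points to a policy without the profile applied. The log lines are constructed, the field names follow the FortiOS key=value log style, and the signature names `Tor` and `Tor.Web.Proxy` are assumptions; use the names shown in the 'Application Overrides' list.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS key=value style (not real traffic).
SAMPLE_LOGS = """\
date=2024-01-10 time=09:15:02 type="utm" subtype="app-ctrl" srcip=192.168.1.50 dstip=203.0.113.10 dstport=9001 policyid=1 appcat="Proxy" app="Tor" action="block"
date=2024-01-10 time=09:15:09 type="utm" subtype="app-ctrl" srcip=192.168.1.50 dstip=203.0.113.11 dstport=443 policyid=1 appcat="Proxy" app="Tor" action="block"
date=2024-01-10 time=09:20:41 type="utm" subtype="app-ctrl" srcip=192.168.1.77 dstip=198.51.100.5 dstport=443 policyid=1 appcat="Proxy" app="Tor.Web.Proxy" action="block"
date=2024-01-10 time=09:31:17 type="utm" subtype="app-ctrl" srcip=192.168.1.90 dstip=203.0.113.12 dstport=9001 policyid=7 appcat="Proxy" app="Tor" action="pass"
date=2024-01-10 time=09:32:00 type="utm" subtype="app-ctrl" srcip=192.168.1.50 dstip=198.51.100.9 dstport=6881 policyid=1 appcat="P2P" app="BitTorrent" action="block"
date=2024-01-10 time=09:33:12 type="traffic" subtype="forward" srcip=192.168.1.50 dstip=198.51.100.20 dstport=443 policyid=1 action="accept"
"""

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Matches "Tor" and "Tor.<suffix>" but not names such as "Torrent".
TOR_APP = re.compile(r"^tor(\W|$)", re.IGNORECASE)


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def summarize_tor(log_text):
    """Return {srcip: {action: count}} for application control events on Tor."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "app-ctrl":
            continue  # skip traffic and other UTM log types
        if not TOR_APP.match(rec.get("app", "")):
            continue
        summary[rec.get("srcip", "unknown")][rec.get("action", "unknown")] += 1
    return {ip: dict(actions) for ip, actions in summary.items()}


def unblocked_sources(summary):
    """Sources with at least one Tor event whose action was not 'block'."""
    return sorted(ip for ip, acts in summary.items() if any(a != "block" for a in acts))


if __name__ == "__main__":
    result = summarize_tor(SAMPLE_LOGS)
    for ip, actions in sorted(result.items()):
        print(ip, actions)
    print("Tor seen but not blocked:", unblocked_sources(result))
```

A source listed as not blocked usually means its traffic matched a different policy (policy 7 in the constructed sample) that does not carry the Application Control profile.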




Related Articles

Technical Tip: Blocking and monitoring Tor traffic
