In this recipe, you will block users on your network from using the Tor browser to access the Internet.
The Tor network allows users to browse the Internet anonymously by bouncing traffic around a distributed network of relays located around the world. Observers are unable to determine the source and destination of Tor traffic since it doesn’t take a direct route from source to destination.
This recipe uses the default Application Control signatures for the Tor client and web-based Tor. These signatures only match unmodified versions of the Tor application.
Go to System > Feature Select to ensure that Application Control is enabled.
Go to Security Profiles > Application Control to edit the default profile.
Under Application Overrides, select Add Signatures.
Filter by Category: Proxy and Name: Tor to search for Tor.
Two signatures will appear: one for the web-based Tor usage and one for the Tor client.
Highlight both signatures and click Use Selected Signatures.
Both signatures now appear in the Application Overrides list, with the Action set to Block.
Go to Policy & Objects > IPv4 Policy to edit the policy that allows connections from the internal network to the Internet.
Set Source to all.
Under the Security Profiles heading, enable Application Control and use the default profile. Enable SSH Inspection and use deep-inspection. Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.
Browse the Internet using the Tor browser. The Tor browser will be blocked.
Go to Log & Report > Application Control. You will see that Tor traffic has been blocked.
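The same check can be run against exported logs. The script below is an added example, not part of the original recipe: it parses key=value Application Control log lines, counts blocked Tor matches per internal source address, and lists any Tor match whose action is not block (for example, traffic that hit a policy without the edited profile). The sample lines are constructed, and the assumption that Tor signature names in the app field are "Tor" or start with "Tor." should be checked against your own logs.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log style (not real traffic).
SAMPLE_LOG = '''\
date=2024-01-10 time=09:14:02 type="utm" subtype="app-ctrl" srcip=192.168.1.23 dstip=203.0.113.10 dstport=9001 appcat="Proxy" app="Tor" action="block"
date=2024-01-10 time=09:14:09 type="utm" subtype="app-ctrl" srcip=192.168.1.23 dstip=203.0.113.44 dstport=443 appcat="Proxy" app="Tor" action="block"
date=2024-01-10 time=09:20:31 type="utm" subtype="app-ctrl" srcip=192.168.1.57 dstip=198.51.100.7 dstport=443 appcat="Proxy" app="Tor.Web.Proxy" action="pass"
date=2024-01-10 time=09:21:00 type="utm" subtype="app-ctrl" srcip=192.168.1.80 dstip=198.51.100.9 dstport=443 appcat="Web.Client" app="HTTPS.BROWSER" action="pass"
date=2024-01-10 time=09:22:15 type="traffic" subtype="forward" srcip=192.168.1.80 dstip=198.51.100.9 dstport=80 action="accept"
'''

# key=value or key="quoted value"; quoted values may contain spaces.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Assumption: Tor signatures are named "Tor" or "Tor.<something>".
TOR_APP_RE = re.compile(r'tor(\.|$)', re.IGNORECASE)


def parse_line(line):
    """Turn one log line into a dict of field name -> value."""
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}


def tor_events(log_text):
    """Yield parsed Application Control entries whose app is a Tor signature."""
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("subtype") != "app-ctrl":
            continue
        if TOR_APP_RE.match(fields.get("app", "")):
            yield fields


def summarize(log_text):
    """Return (blocked count per source IP, list of Tor matches not blocked)."""
    blocked, not_blocked = Counter(), []
    for f in tor_events(log_text):
        if f.get("action") == "block":
            blocked[f.get("srcip", "?")] += 1
        else:
            not_blocked.append((f.get("srcip"), f.get("app"), f.get("action")))
    return blocked, not_blocked


if __name__ == "__main__":
    blocked, not_blocked = summarize(SAMPLE_LOG)
    for ip, count in blocked.most_common():
        print(f"{ip}: {count} blocked Tor connection(s)")
    for ip, app, action in not_blocked:
        print(f"REVIEW: {ip} matched {app} with action={action}")
```

Because the signatures only match unmodified versions of Tor, an empty result shows that nothing matched, not that no Tor traffic exists.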