How to block websites when accessed from Tor Browser
10/14/2021
Description
This article describes how to block Tor, or any traffic generated by Tor applications such as Tor Browser. Content filter policies do not apply to HTTP/HTTPS sites accessed from a Tor browser, although they work as expected for other browsers such as IE, Chrome, or Firefox. The reason is that Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult for Internet activity to be traced back to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms".
CAUTION: Enabling DPI-SSL should be performed in a test environment or applied to a controlled set of devices to monitor behavior and access before applying to an entire organization.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Using the App Control Advanced feature, we can effectively block any traffic generated from a Tor Browser.
To block Tor applications using the App Control Advanced feature, follow the steps below:
- Log in to the SonicWall Management GUI.
- Navigate to Policy | Security service | Advanced Application Control.
- Check the box Enable App Control and click on the Accept button to apply changes.
- Under Signatures, select PROXY-ACCESS under Category.
- Select Tor under Application and then click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click OK to save.
- Now under App Control Advanced, select PROXY-ACCESS under Category.
- Select Encrypted Key Exchange under Application and click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click on OK to save.
- After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, it would look like this:
Enable Application Control on Zones
- Navigate to Object | Match Objects | Zones.
- Click on the configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
Enable DPI-SSL Client Inspection
1. Navigate to Policy > DPI-SSL > SSL Client deployment.
2. Under General, click on Enable SSL Client Inspection and check Intrusion Prevention.
How to Test
From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page or a "the connection has been reset" error.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Using the App Control Advanced feature, we can effectively block any traffic generated from a Tor Browser.
To block Tor applications using the App Control Advanced feature, follow the steps below:
- Log in to the SonicWall Management GUI.
- Navigate to Manage | Rules | Advanced Application Control.
- Check the box Enable App Control and click on the Accept button to apply changes.
- Under App Control Advanced, select PROXY-ACCESS under Category.
- Select Tor under Application and then click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click OK to save.
- Now under App Control Advanced, select PROXY-ACCESS under Category.
- Select Encrypted Key Exchange under Application and click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click on OK to save.
- After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, it would look like this:
Enable Application Control on Zones
- Navigate to Manage | Network | Zones.
- Click on the configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
Enable DPI-SSL Client Inspection
1. Navigate to Manage > Deep Packet Inspection > SSL Client deployment.
2. Under General, click on Enable SSL Client Inspection and check Intrusion Prevention.
How to Test
From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page as shown below:
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
Using the App Control Advanced feature, we can effectively block any traffic generated from a Tor Browser.
To block Tor applications using the App Control Advanced feature, follow the steps below:
- Log in to the SonicWall Management GUI.
- Navigate to Firewall | App Control Advanced. (In Gen5 TZ devices this page is under Security Services | App Control.)
- Check the box Enable App Control and click on the Accept button to apply changes.
- Under App Control Advanced, select PROXY-ACCESS under Category.
- Select Tor under Application and then click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click OK to save.
- After enabling Block for the Tor application under the PROXY-ACCESS category, it would look like this:
- Now under App Control Advanced, select PROXY-ACCESS under Category.
- Select Encrypted Key Exchange under Application and click on the Configure button.
- In the pop-up window that appears, select Enable under the Block and Log fields.
- Click on OK to save.
- After enabling Block for the Encrypted Key Exchange application under the PROXY-ACCESS category, it would look like this:
Enable Application Control on Zones
- Navigate to Network | Zones.
- Click on the configure button under the zone where you want to enable App Control.
- Check Enable App Control Service.
Enable DPI-SSL Client Inspection
How to Test
From a host behind the SonicWall, log in to a website that is being blocked by SonicWall Content Filter using either HTTP or HTTPS. You will get an "Unable to find the proxy server" page as shown below: