
Is it possible to block Tor Browser when connected to a VPN via Cisco AnyConnect

In terms of firewalls I am a beginner (I just bought my first XG). I want to set up a policy that blocks Tor Browser (so a user inside the network can't use Tor to surf the internet); for this case I found some threads and discussions. But while, in general, the use of proxies, tunnels and other anonymizing techniques should be blocked on the network, establishing a VPN connection to a particular university network should be possible. The VPN is established via the Cisco AnyConnect client. I want to make sure that even when using this VPN, a user is not able to use Tor Browser. Will this be possible (despite this limitation)? Which protections will I need: is web protection enough, or will I need network protection as well?



  • The firewall blocks applications at the UDP level, and the application databases keep updating on the firewall. As long as you are connected to the firewall, your traffic is passing through the firewall (whether via VPN or LAN) and your application policy has been well defined, the firewall will match your policy and block the app you defined in your firewall rule.

  • Hi,

    There are two basic scenarios:

    1. The applications are seen by the firewall:

    a) using application and web policies after you install the XG CA on your devices;

    b) the connections are going through the web proxy and using known protocols;

    c) the VPNs originate or terminate on the firewall.

    In this case you can block TOR.

    2. The VPNs start on the user's device:

    a) the firewall will not be able to inspect the traffic within the VPN because it does not have the details of the connection, e.g. the shared key and the negotiated connection security settings.

    In this case you will not be able to block TOR.

    Ian
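Added example (not code from the thread or from Sophos): a toy model of the visibility argument in the two scenarios above. An application-control engine can only classify the headers exposed at the layer it sees, so Tor inside a VPN that terminates on the user's device looks like the VPN application, while a tunnel that terminates on the firewall exposes the inner flow. All addresses, ports and flows are constructed.

```python
# Added example, not part of the original thread: how much an app-control
# engine can see depends on where the VPN tunnel terminates.
# Relay addresses, the VPN gateway and all flows below are constructed.

from dataclasses import dataclass
from typing import Optional

TOR_RELAYS = {"203.0.113.10", "203.0.113.11"}   # constructed, RFC 5737 range
VPN_CONCENTRATOR = "198.51.100.1"               # constructed university VPN gateway


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    inner: Optional["Flow"] = None   # payload flow carried inside a VPN tunnel


def classify(flow: Flow) -> str:
    """Guess the application from the headers this layer exposes."""
    if flow.dst == VPN_CONCENTRATOR and flow.dport == 443:
        return "cisco-anyconnect"
    if flow.dst in TOR_RELAYS:
        return "tor"
    return "web-browsing"


def visible_flow(flow: Flow, vpn_terminates_on_firewall: bool) -> Flow:
    """Scenario 1c: the tunnel ends on the firewall, so inner headers are in the clear.
    Scenario 2: the tunnel ends on the user's device, so only outer headers exist."""
    if flow.inner is not None and vpn_terminates_on_firewall:
        return flow.inner
    return flow


def policy_action(flow: Flow, vpn_terminates_on_firewall: bool,
                  blocked=("tor",)) -> str:
    """Apply a 'block Tor' app rule to whatever the firewall can classify."""
    app = classify(visible_flow(flow, vpn_terminates_on_firewall))
    return f"deny:{app}" if app in blocked else f"allow:{app}"


# Constructed flows: one direct Tor connection, one Tor connection inside AnyConnect.
direct_tor = Flow("10.0.0.5", "203.0.113.10", 9001)
tunneled_tor = Flow("10.0.0.5", VPN_CONCENTRATOR, 443,
                    inner=Flow("10.0.0.5", "203.0.113.11", 9001))

if __name__ == "__main__":
    for name, f in (("direct", direct_tor), ("tunneled", tunneled_tor)):
        for term in (False, True):
            print(name, f"vpn_on_firewall={term}", policy_action(f, term))
```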

  • Thank you very much for your detailed answer. So I assume I'll have to deal with scenario 2, because users connect to the VPN with the Cisco AnyConnect client. Will it be possible to let the XG itself establish the VPN connection, or is it impossible due to the proprietary character of the client?

  • Using Cisco AnyConnect, the XG only responds to connections; it does not initiate them.

  • Hi,

    I have no experience with this answer, just theory.

    If you have integrated the XG into your AD, then you might be able to control which applications the users are allowed to run from within the AD.

    Using the AD, I think, will allow you to set up permitted VPN parameters.

    I would search the forums for some answers as to which VPNs currently work and how to set them up, or buy some time from your reseller/partner.

    Ian