
Is it possible to block Tor Browser when connected to a VPN via Cisco AnyConnect

In terms of firewalls I am a beginner (I just bought my first XG). I want to set up a policy that blocks Tor Browser (so a user inside the network can't use Tor to surf the internet); for this case I found some threads and discussions. But while in general the use of proxies, tunnels and other anonymizing techniques should be blocked on the network, establishing a VPN connection to a particular university network should be possible. The VPN is established via the Cisco AnyConnect client. I want to make sure that even when using this VPN, a user is not able to use Tor Browser. Will this be possible (despite this limitation)? Which protections will I need: is web protection enough, or will I need network protection as well?



  • Hi,

    You are going to define an application policy and apply it in the firewall rule.

  • Thank you, I will try that. But I am wondering: how is it technically possible that the FW can examine the encrypted traffic that happens between a client computer and the VPN endpoint? How can the FW search in this encrypted traffic for app signatures? Or didn't I get the overall concept at all?

  • Firewall blocks applications at the UDP level...

  • Firewall blocks applications at the UDP level, and application databases keep updating on the firewall. As long as you are connected to the firewall and your traffic is passing through the firewall, whether via VPN or LAN, and your application policy has been well defined, the firewall will match your policy to block the app you defined in your firewall rule.

  • Hi,

    There are two basic scenarios :-

    1/. The applications are seen by the firewall

    a) using application and web policies after you install the XG CA on your devices.

    b) the connections are going through the web proxy and using known protocols.

    c) the VPNs originate or terminate on the firewall.

    In this case you can block TOR.

    2/. The VPNs start on the user's device

    a) the firewall will not be able to inspect the traffic within the VPN because it does not have the details of the connection, e.g. shared key, negotiated connection security settings.

    In this case you will not be able to block TOR.

    Ian

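As an added illustration of Ian's two scenarios (this is example code written for this page, not Sophos XG configuration and not code from anyone in the thread), the following Python models what a perimeter firewall's application policy can actually match on. The Tor heuristics (default relay ports 9001/9030 and the throwaway www.<random>.com SNI that Tor's client-side TLS handshake uses), the headend address 192.0.2.200, the TEST-NET relay addresses and the flow records are all constructed for the example; a real app-control engine uses far richer signatures, but the visibility problem is the same.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One connection as a perimeter firewall sees it (constructed record, not XG's internal format).
@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str           # "tcp" or "udp"
    dport: int
    sni: Optional[str]   # TLS SNI from the ClientHello, if the handshake is visible to the firewall

# Hypothetical AnyConnect headend of the university (TEST-NET address, assumed for the example).
VPN_HEADEND = "192.0.2.200"

# Illustrative Tor signatures, not the vendor's real application-control rules:
#  - 9001/9030 are the default OR/Dir ports that many relays still listen on
#  - Tor's client TLS handshake carries a throwaway SNI of the form www.<random>.com
TOR_PORTS = {9001, 9030}
TOR_SNI_RE = re.compile(r"^www\.[a-z0-9]{8,25}\.com$")


def match_app(flow: Flow) -> str:
    """Label a flow the way a signature-based app-control engine would, from what it can see."""
    if flow.dst == VPN_HEADEND and flow.dport == 443:
        return "anyconnect-vpn"      # TLS control channel or DTLS data channel to the headend
    if flow.proto == "tcp" and flow.dport in TOR_PORTS:
        return "tor"
    if flow.proto == "tcp" and flow.dport == 443 and flow.sni and TOR_SNI_RE.match(flow.sni):
        return "tor"
    return "tls" if flow.dport == 443 else "unknown"


def apply_policy(flows: List[Flow], blocked_apps=frozenset({"tor"})) -> List[Tuple[str, bool]]:
    """Return (app label, dropped?) per flow under an application policy that blocks blocked_apps."""
    return [(app, app in blocked_apps) for app in map(match_app, flows)]


def through_anyconnect(flows: List[Flow]) -> List[Flow]:
    """Model a VPN that starts on the user's device (Ian's scenario 2): every inner flow is
    encrypted inside DTLS to the headend, so the perimeter sees one UDP/443 flow per client
    and no inner destination, port or SNI at all."""
    clients = sorted({f.src for f in flows})
    return [Flow(src=c, dst=VPN_HEADEND, proto="udp", dport=443, sni=None) for c in clients]


# Constructed sample: a Tor Browser start-up on 10.0.0.25, plus one ordinary HTTPS fetch.
DIRECT_FLOWS = [
    Flow("10.0.0.25", "198.51.100.7", "tcp", 9001, None),                   # guard relay on default OR port
    Flow("10.0.0.25", "203.0.113.40", "tcp", 443, "www.5k3j2lq9xzab.com"),  # relay on 443, Tor-style SNI
    Flow("10.0.0.25", "192.0.2.10", "tcp", 443, "www.example.com"),         # normal browsing
]

if __name__ == "__main__":
    # Scenario 1: the firewall sees the flows, so the Tor ones are dropped and browsing passes.
    print("direct:   ", apply_policy(DIRECT_FLOWS))
    # Scenario 2: only one DTLS flow to the headend remains, labelled as the VPN and allowed.
    print("tunnelled:", apply_policy(through_anyconnect(DIRECT_FLOWS)))
```

Running it shows the two Tor flows blocked and the HTTPS fetch allowed when the traffic is seen directly, and a single "anyconnect-vpn" flow, which the policy must allow because the university VPN is wanted, once the same traffic goes through the client-side tunnel. Nothing in that outer flow distinguishes Tor from ordinary browsing, which is why the application policy cannot help there; whatever inspection is wanted has to happen on the endpoint or at the tunnel's far end.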
