Blocking Tor traffic


In this recipe, you will block users on your network who use the Tor browser from accessing the Internet.

The Tor network allows users to browse the Internet anonymously by bouncing traffic around a distributed network of relays located around the world. Observers are unable to determine the source and destination of Tor traffic since it doesn’t take a direct route from source to destination.

This recipe uses the default Application Control signatures for the Tor client and web-based Tor.  These signatures only match unmodified versions of the Tor application.


1. Enabling Application Control

Go to System > Feature Select to ensure that Application Control is enabled.

2. Blocking Tor traffic in Application Control using the default profile

Go to Security Profiles > Application Control to edit the default profile.

Under Application Overrides, select Add Signatures.

Filter by Category: Proxy and Name: Tor to search for Tor.

Two signatures will appear: one for the web-based Tor usage and one for the Tor client.

Highlight both signatures and click Use Selected Signatures.

Both signatures now appear in the Application Overrides list, with the Action set to Block.

3. Adding application control to your security policy

Go to Policy & Objects > IPv4 Policy to edit the policy that allows connections from the internal network to the Internet.

Set Source to all.

Under the Security Profiles heading, enable Application Control and use the default profile. Enable SSL/SSH Inspection and use deep-inspection.

4. Results

Browse the Internet using the Tor browser. The Tor browser will be blocked.

Go to Log & Report > Application Control. You will see that Tor traffic has been blocked. 
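To check the result from exported logs rather than the GUI, the following added example (not part of the original recipe or any Fortinet tooling) tallies Tor matches per source address from Application Control log lines. The key=value field names, the signature names `Tor` and `Tor.Web.Proxy`, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in key=value log style (assumed field names,
# assumed signature names; not captured from a real device).
SAMPLE_LOG = '''\
date=2016-05-10 time=10:12:01 type="utm" subtype="app-ctrl" srcip=192.168.1.110 dstip=203.0.113.7 dstport=9001 appcat="Proxy" app="Tor" action="block"
date=2016-05-10 time=10:12:03 type="utm" subtype="app-ctrl" srcip=192.168.1.110 dstip=198.51.100.9 dstport=443 appcat="Proxy" app="Tor.Web.Proxy" action="block"
date=2016-05-10 time=10:12:04 type="utm" subtype="app-ctrl" srcip=192.168.1.115 dstip=198.51.100.20 dstport=443 appcat="Web.Client" app="HTTPS.BROWSER" action="pass"
date=2016-05-10 time=10:13:10 type="utm" subtype="app-ctrl" srcip=192.168.1.120 dstip=203.0.113.44 dstport=9001 appcat="Proxy" app="Tor" action="pass"
'''

# key=value pairs where the value is either a quoted string or a bare token
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_line(line):
    """Turn one log line into a dict, dropping the surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def is_tor(record):
    """True for Application Control records whose signature name starts with 'Tor'."""
    if record.get("subtype") != "app-ctrl":
        return False
    # Compare the first dotted token so unrelated names that merely
    # begin with the letters "tor" are not counted.
    return record.get("app", "").split(".")[0].lower() == "tor"


def summarize(text):
    """Return (blocked, not_blocked) counters of Tor matches keyed by source IP."""
    blocked, not_blocked = Counter(), Counter()
    for line in text.splitlines():
        record = parse_line(line)
        if not is_tor(record):
            continue
        bucket = blocked if record.get("action") == "block" else not_blocked
        bucket[record.get("srcip", "unknown")] += 1
    return blocked, not_blocked


if __name__ == "__main__":
    blocked, not_blocked = summarize(SAMPLE_LOG)
    print("Tor matches blocked:    ", dict(blocked))
    print("Tor matches not blocked:", dict(not_blocked))
```

A source address in the second counter means a Tor signature matched but the traffic was not blocked, so check whether the policy handling that host applies the profile from step 3.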

For further reading, check out Application Control in the FortiOS 5.4 Handbook.

Cindy Chung

Technical Writer at Fortinet

Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.