Block TOR Application in Juniper SRX

TOR application allows users to browse any sites, by bypassing firewall. So all the policies, rules configured in SRX goes in vain if users in the network are using TOR application in their browsers. Juniper SRX can’t block TOR application but there is a work around method that can be used to block TOR application to some level. The steps shown here to block TOR application in Juniper SRX is not permanent fix as the IPs used by TOR application changes dynamically.

Block TOR Application in Juniper SRX

To block the TOR application in Juniper SRX, the only way I know to block is by blocking all the IP addresses used by TOR application. There is a site called www.dan.me.uk which finds the list of all the IP addresses used by TOR application, thanks to dan.me.uk.

You can view the list of all the IPs used by TOR application here. There can be about 6000 IP addresses which is quite a lot.

The trick is to use all these IPs in SRX and block them all by using firewall filter. There are 6K IP addresses, how can you put all that in firewall filter in shortcut. Again, the trick is to use Notepad++ application.

Step 1. Copy all the IP addresses from here and paste it in the Notepad++.

Step 2. Now, insert “;” after each IP address. You can do so by using Replace tool in Notepad++, as shown below. Find for “\r” and replace with “;”. Don’t forget to choose Extended option in under search mode in the same box.

Step 3. Now login to SRX and create a firewall filter. Before creating a firewall filter we have to create prefix-list under [edit policy-options] hierarchy.

{primary:node0}[edit policy-options prefix-list TOR-ADDRESS-LIST]
root@SRX# load merge terminal relative
[Type ^D at a new line to end input]

{primary:node0}[edit policy-options]
root@SRX# show
prefix-list TOR-ADDRESS-LIST {
    2.1.254.209/32;
    2.4.148.58/32;
    2.25.26.77/32;
    .
    .
    .
    .
    2.33.88.122/32;
}

Step 4. Now configure the firewall filter. You can also configure logging in SRX to view the logs later.

{primary:node0}[edit firewall filter BLOCK-TOR]
root@SRX# show
term TOR-LIST {
    from {
        source-prefix-list {
            TOR-ADDRESS-LIST;
        }
    }
    then {
        syslog;
        discard;
    }
}
term ALLOW-REST {
    then accept;
}

Step 5. Now apply the filter in Internet facing interface in inbound direction as shown below.

{primary:node0}[edit interfaces reth1]
root@SRX# show
description ****CONNECTED-TO-ISP1***;
redundant-ether-options {
    redundancy-group 1;
}
unit 0 {
    family inet {
        filter {
            input BLOCK-TOR;
        }
        address 100.10.10.2/30;
    }
}

In this way you can block TOR browsers used by your internal users to bypass the firewall.

Bài liên quan

Configure PAgP EtherChannel in Cisco IOS Switch

SRX HA Modes

Configure VRF in Cisco IOS Router

How to configure CacheGurard web gateway

Redistribute Static Route into EIGRP in Cisco IOS Router

Configure MPLS IP on Cisco IOS Router

Chassis Cluster Configuration on Juniper SRX-1500 firewalls

Configure Inter VLAN Routing in Cisco Router

Cisco Juniper Commands

Understand Control plane vs Data Plane log differences on Juniper SRX

Load Balance Dual ISP Internet in Juniper SRX

Configure Filter Based Load Balancing in Juniper SRX

LINK AGGREGATION – PART 3 (LACP CONFIGURATION ON JUNIPER DEVICES)

Redistribute BGP Route into OSPF in Cisco IOS Router

Cấu hình EX8208 Virtual Chassis

Configure VLANs in Juniper Switch

Configure Dynamic NAT in Cisco IOS Router

Run a packet capture on a Juniper SRX

Shorewall is a gateway/firewall (iptables) configuration tool for GNU/Linux.

Kết nối EX8208 tới External Routing Engines XRE200

Configure Proxy ARP in Juniper SRX Gateway

Configure site2site VPN between Juniper SRX and Cisco ASA firewalls

Linux Security: Disable Root SSH Login on CentOS/Redhat

Juniper Commands to monitor Network System for Network Admin

Configure Redistribution between RIP and OSPF in Cisco IOS Router

prev next