Configure Tor Exit Node Blocking
Tor Exit Node Blocking uses a list of known Tor exit node IP addresses from Reputation Enabled Defense (RED). To use Tor Exit Node Blocking, you must have a feature key that enables the RED subscription service. For more information, go to:
When you upgrade to Fireware v12.8.1 and higher or Fireware v12.5.10 and higher, if you previously enabled Botnet Detection, the upgrade process enables Tor Exit Node Blocking globally by default, which enables the feature in all policies. When Tor Exit Node Blocking is enabled, the Firebox blocks inbound traffic from known Tor exit node IP addresses. If you want to disable Tor Exit Node Blocking in a specific policy, go to Enable Tor Exit Node Blocking in a Policy.
When you manually enable Tor Exit Node Blocking, a warning message shows if you disabled automatic updates for the Tor exit node database. To configure automatic updates, go to Configure the Tor Exit Node Blocking Update Server.
To enable Tor Exit Node Blocking, from Fireware Web UI:
- Select Subscription Services > Botnet Detection.
The Botnet Detection page opens.
- Select the Block Tor Exit Nodes check box.
- Click Save.
To enable Tor Exit Node Blocking, from Policy Manager:
- Select Subscription Services > Botnet Detection.
The Botnet Detection dialog box opens.
- Select the Block Tor Exit Nodes check box.
- Click OK.
- Save the configuration to the Firebox.
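After you enable the feature, you can audit exported traffic logs for allowed inbound connections from Tor exit node addresses, which can point to a policy where Tor Exit Node Blocking is disabled or to a Tor exit node database that is out of date. The script below is an added example and is not part of the WatchGuard documentation; the CSV log layout, the policy names, and all addresses are constructed assumptions, not a Firebox log format.

```python
import ipaddress
from collections import Counter

# Constructed sample exit node list (RFC 5737 documentation addresses).
TOR_EXIT_NODES = """\
192.0.2.10
198.51.100.23
203.0.113.77
"""

# Assumed export layout: timestamp,disposition,policy,src_ip,dst_ip,dst_port
# All lines are constructed for this example.
TRAFFIC_LOG = """\
2024-05-01T10:00:01Z,Deny,HTTPS-In,192.0.2.10,10.0.1.5,443
2024-05-01T10:00:07Z,Allow,HTTPS-In,192.0.2.44,10.0.1.5,443
2024-05-01T10:01:15Z,Allow,SMTP-In,198.51.100.23,10.0.1.9,25
2024-05-01T10:02:30Z,Allow,SMTP-In,198.51.100.23,10.0.1.9,25
not,a,valid,line
"""


def load_exit_nodes(text):
    """Parse one IP address per line, ignoring blank lines and # comments."""
    nodes = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            nodes.add(ipaddress.ip_address(line))
    return nodes


def allowed_from_exit_nodes(log_text, exit_nodes):
    """Count allowed connections from exit nodes, keyed by (policy, src_ip)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.strip().split(",")
        if len(fields) != 6:
            continue  # skip malformed lines
        _, disposition, policy, src, _, _ = fields
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip lines with an unparsable source address
        if disposition == "Allow" and src_ip in exit_nodes:
            hits[(policy, str(src_ip))] += 1
    return dict(hits)


if __name__ == "__main__":
    print(allowed_from_exit_nodes(TRAFFIC_LOG, load_exit_nodes(TOR_EXIT_NODES)))
```

An empty result means no allowed traffic from listed exit nodes appeared in the sample; any entry names the policy to review.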