Tor moves encrypted traffic across a network of Tor servers and provides anonymity to users. A Tor exit node is the final node that routes Tor traffic to a destination. Because some Tor traffic can be malicious, you can use the Tor Exit Node Blocking service to block inbound Tor exit node traffic to the Firebox (Fireware v12.8.1 and higher and Fireware v12.5.10 and higher). You can choose to disable Tor Exit Node Blocking because you might not want to block Tor exit node traffic for legitimate reasons.
When you first upgrade to a Fireware version that supports Tor Exit Node Blocking, and you enabled Botnet Detection previously, the upgrade process enables the Tor Exit Node Blocking feature and applies it to all policies by default. If you want to disable Tor Exit Node Blocking for a specific policy, see Enable Tor Exit Node Blocking in a Policy.
Tor Exit Node Blocking Sites List
Tor Exit Node Blocking uses a list of known Tor exit node IP addresses, which it adds to the Blocked Sites List. This enables the Firebox to block traffic from these IP addresses at the packet level. For more information about the Blocked Sites List, see About Blocked Sites.
You can create exceptions to the Blocked Sites List. For more information, see Create Blocked Sites Exceptions.
The list of Tor Exit Node Blocking IP addresses is too large to show in the Blocked Sites List in the user interface.
You can enable Tor Exit Node Blocking with the Reputation Enabled Defense (RED) feature key. For more information about RED, see About Reputation Enabled Defense.