chkvpatel_FTNT
Article Id 197176

Description
TOR custom IPS signature for legacy FortiOS versions:

Description: TOR custom IPS signature
Components: FortiOS 2.8 and 3.0
Steps or Commands:

To add a custom IPS signature, go to IPS > Signature > Custom and select Create New.

F-SBID( --name "TOR.Web.Proxy.TLSv1.Detection"; --protocol tcp; --flow from_client; --seq <,3000,relative; --pattern "|16 03 01|"; --within 3,packet; --pattern "|0b|"; --distance 2; --within 1; --pattern "|3c|identity|3e|0"; --no_case; --distance 15; --within 300; --pattern "Tor"; --no_case; --distance -100; --within 100; )
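The pattern chain in the signature above can be walked through offline before it is deployed. The following Python sketch is an added example, not Fortinet code: it assumes `--distance` and `--within` behave Snort-style (the search window opens at the end of the previous match plus the distance, and the whole pattern must fit inside it), it does not model `--protocol`, `--flow` or `--seq`, and it runs on constructed byte strings rather than captured traffic. `chain_matches`, `sample_record` and the sample constants are hypothetical names.

```python
# Simplified model of the pattern chain in TOR.Web.Proxy.TLSv1.Detection.
# Assumption: --distance/--within are Snort-style (window starts at the end of
# the previous match plus distance; the whole pattern must fit in `within`
# bytes). --protocol, --flow and --seq are not modelled.

# (pattern, no_case, distance, within, anchored_to_packet_start)
TOR_CHAIN = [
    (b"\x16\x03\x01", False, 0, 3, True),    # TLS handshake record, version 3.1
    (b"\x0b", False, 2, 1, False),           # handshake type 0x0b (Certificate)
    (b"<identity>0", True, 15, 300, False),  # |3c|identity|3e|0
    (b"Tor", True, -100, 100, False),        # searched before the previous match end
]


def find_all(haystack, needle, lo, hi, no_case):
    """Yield end offsets of every needle occurrence lying wholly in [lo, hi)."""
    if no_case:
        haystack, needle = haystack.lower(), needle.lower()
    lo, hi = max(lo, 0), max(0, min(hi, len(haystack)))
    pos = haystack.find(needle, lo, hi)
    while pos != -1:
        yield pos + len(needle)
        pos = haystack.find(needle, pos + 1, hi)


def chain_matches(payload, chain=TOR_CHAIN, cursor=0):
    """True if every pattern matches in order; backtracks over candidates."""
    if not chain:
        return True
    pattern, no_case, distance, within, from_packet = chain[0]
    start = (0 if from_packet else cursor) + distance
    return any(chain_matches(payload, chain[1:], end)
               for end in find_all(payload, pattern, start, start + within, no_case))


def sample_record(handshake_type, body):
    """Constructed TLS 1.0 record holding one handshake message (not a capture)."""
    msg = bytes([handshake_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(msg).to_bytes(2, "big") + msg


# Constructed stand-in for a certificate body; not a valid X.509 structure.
CERT_LIKE = (b"\x00" * 20 + b"\x0c\x03TOR" + b"\x00" * 10
             + b"\x0c\x11client <identity>" + b"0\x1e" + b"\x00" * 30)
# Constructed stand-in for an ordinary ClientHello body.
CLIENT_HELLO_LIKE = b"\x03\x01" + b"\x00" * 60
```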


 
In FortiOS version 4.0 MR3 and version 5.0.x, the predefined signature "TOR" under the category "proxy" can be used instead of a custom signature.







Scope

FortiGate 4.0 MR3
FortiGate 5.0.x (MR0)


Solution


