Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1155
Views
0
Helpful
5
Replies

Definition of proxy users, tor and tunnel

admins0011111
Level 1
Level 1

‎03-24-2017 03:46 AM - edited ‎03-12-2019 06:20 AM

Is it possible to determine users that connect to my services by proxy, vpn tunnels or TOR?

I know that IS can block by tor_exit_node, but I need only to determine.

Also I see that SFR can to determine applications like proxy and vpn, but it's not clear how to use it. 

Who as defines such things?

Labels:
0 Helpful
5 Replies 5

Claudiu Cismaru
Cisco Employee
Cisco Employee

‎03-27-2017 11:31 AM

It's unclear what you want to achieve. Can you refine your question? The sensors can detect user logins through some type of protocols, but I believe you want to achieve something else...

0 Helpful

admins0011111
Level 1
Level 1
In response to Claudiu Cismaru

‎03-27-2017 09:06 PM

Sorry, I just want to see who comes to my sites via VPN or proxy, etc.

0 Helpful

Claudiu Cismaru
Cisco Employee
Cisco Employee
In response to admins0011111

‎03-28-2017 03:03 AM

I haven't tried, but you can try to add the lists on Whitelist, deploy the policy and then check in Table View of Connection Events, Security Intelligence Category.

0 Helpful

vaibhav.parlekar1
Level 1
Level 1

‎03-27-2017 04:04 PM

Hi, 

There are security intelligence objects for Tor exit nodes. Once you enable them in the security rules for blocking or alerting any user traffic accessing the Tor exit nodes there will be an event generated for the same. 

Hope this is what you are looking for.

0 Helpful

admins0011111
Level 1
Level 1
In response to vaibhav.parlekar1

‎03-27-2017 09:05 PM

1) This does not work very well. I tried to go to my services trough TOR many times and all times it worked, my sites were opened.

2) I do not need to block them, I need to know them.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card