Hello,
I just installed an ERX on an isolated network yesterday both to learn the EdgeMax line and to isolate one network. I have just done the standard WAN-2LAN2 wizard and added hwnat offload. Otherwise it is straight out of the box on a residential-class Cox line (DHCP in). When I turned on DPI, I have one system that shows small amounts (maybe 1kb per hour) of tor traffic. This particular system had been connected recently to a network that has the potential to have been compromised (a known hacker gained physical access to the site). I have started running other similar clients on the ERX network (with the subject system off the lines) and I see no such traffic. I know the tor traffic may be mis-classification, but the low volume and system history make me suspect a backdoor, etc.
Anyway, the question: I have read that there is a way to set up a firewall rule to block tor now (I am on EdgeOS 1.9), but I don't know enough yet to set up the rule. Can anyone help? I figure if I block it I can eventually identify it.
Thanks
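An added example, not part of the original post and not Ubiquiti's documentation, of the kind of EdgeOS 1.9 DPI-based firewall rule the question is asking about. It drops and logs, rather than only drops, so the source host can be identified from the firewall log. Assumptions (not from the post): the DPI engine lists the application under the name `Tor` (use tab completion on the `name` value to see what your unit actually calls it), the suspect client sits on `eth1` (use `switch switch0` instead if it is on the switched ports of the ER-X), and no `LAN_IN` ruleset exists yet, since the WAN-2LAN2 wizard only creates `WAN_IN` and `WAN_LOCAL`. Rule and category names are arbitrary.

```text
# Added example (assumptions: DPI application name "Tor", LAN client on eth1,
# no existing LAN_IN ruleset). Entered at the EdgeOS CLI.
configure

# DPI must be enabled, or application matching never fires
set system traffic-analysis dpi enable
set system traffic-analysis export enable

# Custom category holding only the application to block
set system traffic-analysis custom-category BLOCK_TOR name Tor

# Outbound ruleset for LAN clients: drop and log anything DPI classifies as Tor
set firewall name LAN_IN default-action accept
set firewall name LAN_IN description 'LAN to WAN'
set firewall name LAN_IN rule 10 description 'drop and log Tor'
set firewall name LAN_IN rule 10 action drop
set firewall name LAN_IN rule 10 log enable
set firewall name LAN_IN rule 10 application custom-category BLOCK_TOR

# Apply the ruleset to traffic entering the router from the LAN side
set interfaces ethernet eth1 firewall in name LAN_IN

commit
save
exit

# Logged hits are tagged with ruleset, rule number and action (D = drop);
# the SRC= field in each line identifies the client
show log | match 'LAN_IN-10-D'
```

Two caveats worth keeping in mind when reading the results: DPI needs to see several packets of a flow before it classifies it, so the first packets of each connection will pass before the drop rule matches, and a handful of logged hits from one host is evidence of which machine to examine, not proof of what is running on it. Confirming the classification means looking at that host directly (process list, persistence locations, outbound connections) rather than trusting the DPI label alone.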