All traffic from Whonix-Workstation and Whonix-Gateway is routed over Tor.    
- Since Whonix 0.2.1, Whonix-Gateway traffic is also routed over Tor. In this way, use of Whonix is hidden from persons or systems observing the network.
- To preserve the anonymity of a user's Whonix-Workstation activities, it is not necessary to torify Whonix-Gateway's own traffic.
- For reader interest: If DNS settings on Whonix-Gateway are changed in Stream Isolation). , this only affects Whonix-Gateways's own DNS requests issued by applications using the system's default DNS resolver. By default, no applications issuing network traffic on Whonix-Gateway use the system's default DNS resolver. All applications installed by default on Whonix-Gateway that issue network traffic (apt-get, whonixcheck, timesync) are explicitly configured, or forced by uwt wrappers, to use their own Tor SocksPort (see
- Whonix-Workstation's default applications are configured to use separate Tor SocksPorts (see Stream Isolation), thereby not using the system's default DNS resolver. Any applications in Whonix-Workstation that are not configured for stream isolation - for example - will use the default DNS server configured in Whonix-Workstation (via ), which is the Whonix-Gateway. Those DNS requests are redirected to Tor's DnsPort by Whonix-Gateway's firewall. Whonix-Gateway's does not affect Whonix-Workstation's DNS requests.