How to block MSN file transfer only

Unanswered Question
Dec 19th, 2007

I have an ASA firewall and I want to block the users to transfer files in the MSN instant messenger. I know there is a feature in Application Policy that should take care of it but it's not workint, I've set the IM inspection and set the File-transfer to reset connection but the users are still able to transfer files through it.

Any idea?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
JORGE RODRIGUEZ Fri, 12/21/2007 - 05:07

Correct, I was wrong I tested it as well and did not work.. I guess this must be blocked through app layer protocol inspection rules, let me take a look and possibly lab this out.



guibarati Thu, 12/20/2007 - 03:12

Sure, here it is:

class-map global-class

match default-inspection-traffic

class-map type inspect im match-all IM_MSN

match protocol msn-im yahoo-im

match service file-transfer

class-map mss_ajust

match access-list mss

class-map inside-class

match access-list inside_mpc

class-map IPS_map

match access-list IPS

class-map global-class1

match access-list global_mpc



policy-map type inspect im IM_Map


match not service chat

drop-connection log

policy-map IPS_policy

class IPS_map

ips inline fail-open

policy-map mss-http

class mss_ajust

set connection advanced-options mss-map

inspect http

policy-map global-policy

class global-class

inspect im IM_Map

inspect ftp

inspect icmp

class global-class1

ips inline fail-open

inspect im IM_Map

policy-map inside-policy

description Block msn

class inside-class

inspect im IM_Map


service-policy global-policy global

service-policy mss-http interface outside

service-policy inside-policy interface inside

I have tried to drop the traffic that maches:

not chat

file transfer

none has worked.



This Discussion