Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2839
Views
0
Helpful
7
Replies

Blocking torrent on ASA

gtrampus
Level 1
Level 1

‎02-05-2008 12:18 AM - edited ‎03-11-2019 04:59 AM

Hi,

I have an ASA5520 with 8.0 software. Is there anyway to block torrents?

thanx,

Gregor

Labels:
0 Helpful
7 Replies 7

1cmerchant
Level 1
Level 1

‎02-05-2008 06:20 AM

The way I block all unwanted traffic is to specify (via ACL permits) the traffic that I want to allow, and thus everything else is blocked. Of course this is all linked to your corporate security policy, etc.

Not sure if that would work for your environment, but it has worked well for me. The only real downside is that when someone wants (needs) to connect to things that aren't specifically permitted you have to go in and modify the ACL as required.

0 Helpful

gtrampus
Level 1
Level 1
In response to 1cmerchant

‎02-05-2008 06:31 AM

I know. I would done the same for me (or my company). But this is a request from a customer and i am not sure if ASA even supports this. Funny: you can easy block IM (yahoo or MS) but you can't block torrents which consumes a lot (or all of) bandwith.

Thanx ,)

Gregor

0 Helpful

cisco24x7
Level 6
Level 6
In response to gtrampus

‎02-05-2008 07:08 AM

If you want something to block torrents,

get a checkpoint firewall. SmartDefense

is integrated into Checkpoint firewall that

can help you to do just that.

CCIE Security

0 Helpful

srue
Level 7
Level 7
In response to cisco24x7

‎02-05-2008 07:42 AM

Or get an IPS module for your 5520. There are specific signatures to BT that can do exactly what you want. The problem with trying to block BT is that it can pretty much use any port.

0 Helpful

srue
Level 7
Level 7
In response to srue

‎02-05-2008 08:23 AM

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

this is what i was referring to. There are two different models compatible with the 5520.

one is around $4000 USD, the other around 7k.

0 Helpful

cisco24x7
Level 6
Level 6
In response to srue

‎02-05-2008 11:03 AM

"The problem with trying to block BT is that it can pretty much use any port."

That's what IPS supposed to do, be able to

detect these things. If Cisco IPS module on

ASA 5520 can not do that, then the IPS is

completely useless. SmartDefense in CP can

take care of this. If you don't want

to use Checkpoint, you can go with sourcefire

that can accomplish the same thing.

CCIE security

0 Helpful

gtrampus
Level 1
Level 1
In response to cisco24x7

‎02-05-2008 12:09 PM

Yeah. i asked just that....

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card