02-05-2008 12:18 AM - edited 03-11-2019 04:59 AM
Hi,
I have an ASA5520 with 8.0 software. Is there anyway to block torrents?
thanx,
Gregor
02-05-2008 06:20 AM
The way I block all unwanted traffic is to specify (via ACL permits) the traffic that I want to allow, and thus everything else is blocked. Of course this is all linked to your corporate security policy, etc.
Not sure if that would work for your environment, but it has worked well for me. The only real downside is that when someone wants (needs) to connect to things that aren't specifically permitted you have to go in and modify the ACL as required.
02-05-2008 06:31 AM
I know. I would done the same for me (or my company). But this is a request from a customer and i am not sure if ASA even supports this. Funny: you can easy block IM (yahoo or MS) but you can't block torrents which consumes a lot (or all of) bandwith.
Thanx ,)
Gregor
02-05-2008 07:08 AM
If you want something to block torrents,
get a checkpoint firewall. SmartDefense
is integrated into Checkpoint firewall that
can help you to do just that.
CCIE Security
02-05-2008 07:42 AM
Or get an IPS module for your 5520. There are specific signatures to BT that can do exactly what you want. The problem with trying to block BT is that it can pretty much use any port.
02-05-2008 08:23 AM
this is what i was referring to. There are two different models compatible with the 5520.
one is around $4000 USD, the other around 7k.
02-05-2008 11:03 AM
"The problem with trying to block BT is that it can pretty much use any port."
That's what IPS supposed to do, be able to
detect these things. If Cisco IPS module on
ASA 5520 can not do that, then the IPS is
completely useless. SmartDefense in CP can
take care of this. If you don't want
to use Checkpoint, you can go with sourcefire
that can accomplish the same thing.
CCIE security
02-05-2008 12:09 PM
Yeah. i asked just that....
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide