Block P2P like BitTorrent and BearShare downloads.

Unanswered Question
carenas123 Mon, 02/16/2009 - 16:19

ASA 7.0 uses a combination of Modular Policy Framework and Advanced Application Firewall to inspect IM and P2P traffic within the HTTP stream.

Below is an example of how you can apply MPF to inspect IM and P2P:

!Define HTTP port...This can be any port in addition to 80 (8080, etc.)
class-map http-port
 match port tcp eq 80

!Create an HTTP map called inbound_http
!Drop IM and P2P traffic
http-map inbound_http
 content-length min 100 max 2000 action reset log
 content-type-verification match-req-rsp action reset log
 max-header-length request bytes 100 action reset log
 max-uri-length 100 action reset log
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow

!Apply inbound_http inspection above to the policy-map called inbound_policy
policy-map inbound_policy
 class http-port
  inspect http inbound_http

!Finally apply the policy-map above to the interface using the
service-policy inbound_policy interface outside

Documentation for this can be found via the link below:

You should be able to view the service-policy under ASDM:

Configuration --> Service Policy --> Service Policy Rules

Please try to apply the HTTP inspection rule to the Global Policy global_policy by doing the following:

Go to Configuration --> Security Policy --> Service Policy Rules

Highlight the Global Policy global_policy --> Edit --> Rule Actions --> Check the "HTTP" checkbox --> "Configure" --> Select "inbound_http"

All of the above steps would enable Advanced HTTP inspection with P2P and IM blocking on all the interfaces of the ASA.
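To confirm on a saved configuration that the chain described above (http-map, policy-map, service-policy) is complete, the following added example traces it; it is not part of the original post and is not Cisco code. The function names and the indented sample layout are assumptions, while the commands are the ones shown in the post.

```python
import re

# Constructed sample input: the post's commands laid out as a saved config.
SAMPLE_CONFIG = """\
class-map http-port
 match port tcp eq 80
http-map inbound_http
 port-misuse p2p action drop
 port-misuse im action drop
 port-misuse default action allow
policy-map inbound_policy
 class http-port
  inspect http inbound_http
service-policy inbound_policy interface outside
"""


def parse_blocks(config):
    """Map each top-level command to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" comments
        if not line[0].isspace():
            current = line.strip()
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks


def enforced_p2p_im_blocking(config):
    """Return (policy-map, scope, http-map) for every applied service-policy
    whose HTTP inspection uses a map that drops or resets both p2p and im."""
    blocks = parse_blocks(config)
    blocking_maps = set()
    for head, subs in blocks.items():
        if head.startswith("http-map "):
            hit = {pm.group(1) for s in subs if (pm := re.match(
                r"port-misuse (p2p|im) action (?:drop|reset)\b", s))}
            if hit == {"p2p", "im"}:
                blocking_maps.add(head.split()[1])
    # A map that is defined but never bound to a service-policy enforces nothing.
    applied = [sp.groups() for h in blocks if (sp := re.match(
        r"service-policy (\S+) (global|interface \S+)$", h))]
    return [(pol, scope, sub.split()[2])
            for pol, scope in applied
            for sub in blocks.get("policy-map " + pol, [])
            if sub.startswith("inspect http ") and sub.split()[2] in blocking_maps]
```

An empty result means either no http-map drops both categories or the map is never reached through an applied service-policy.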

