I have just tested the IPS functionality on a SA520 (60-day free trial), enabling p2p "Detect and prevent", specifically Bittorrent.
After noticing Bittorrent downloads were still going through on the LAN, I contacted my local Cisco support, who tested on their side and came back to me informing me that this feature only blocks p2p "attacks" from the outside (i.e., p2p "attacks" arriving on the WAN interface). But a local user firing up his Bittorrent client can still establish TCP sessions and download happily.
Having had a local presentation of the product before buying 7 of them, and according to the documentation, I was under the impression the IPS was doing some packet inspection on all ports to block p2p.
This is not the case, according to my local support. The only way to block p2p would be to use standard firewall rules (i.e., blocking TCP/UDP above 1024), which is what I wanted to avoid, and which would not block any "guest" user who can reconfigure his machine to use a port < 1024 on his p2p client anyway.
Does anyone know of any plan to have real packet inspection on the SA500, to detect p2p patterns and block them, whether from the WAN or LAN?
In the meantime, documentation should really clarify the term "p2p blocking".
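To illustrate why a port-based rule is not a substitute for payload inspection, here is an added example (not from the post and not Cisco's implementation) that matches the BitTorrent peer-wire handshake in the first bytes of a TCP flow regardless of destination port; the sample flows and the info_hash are constructed.

```python
from dataclasses import dataclass

# BitTorrent peer-wire handshake layout: 1-byte pstrlen (19), the string
# "BitTorrent protocol", 8 reserved bytes, 20-byte info_hash, 20-byte peer_id.
BT_PSTR = b"BitTorrent protocol"


@dataclass
class Flow:
    proto: str      # "tcp" or "udp"
    dst_port: int   # destination port chosen by the client
    payload: bytes  # first bytes the client sent


def port_rule_blocks(flow: Flow) -> bool:
    """The rule suggested to the poster: drop TCP/UDP above 1024."""
    return flow.dst_port > 1024


def looks_like_bittorrent(payload: bytes) -> bool:
    """Payload inspection: match the handshake prefix, whatever the port."""
    if len(payload) < 1 + len(BT_PSTR):
        return False
    pstrlen = payload[0]
    return pstrlen == len(BT_PSTR) and payload[1:1 + pstrlen] == BT_PSTR


def inspection_blocks(flow: Flow) -> bool:
    return flow.proto == "tcp" and looks_like_bittorrent(flow.payload)


def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Build a constructed sample handshake (not captured traffic)."""
    assert len(info_hash) == 20 and len(peer_id) == 20
    return bytes([len(BT_PSTR)]) + BT_PSTR + b"\x00" * 8 + info_hash + peer_id


# Constructed sample flows: the same client on a default port, on a port
# below 1024, and an unrelated TLS ClientHello on a high port.
SAMPLE_HANDSHAKE = make_handshake(b"\x11" * 20, b"-XX0001-" + b"0" * 12)
FLOWS = [
    Flow("tcp", 6881, SAMPLE_HANDSHAKE),
    Flow("tcp", 443, SAMPLE_HANDSHAKE),
    Flow("tcp", 8443, b"\x16\x03\x01\x00\xa5\x01\x00\x00"),
]


def compare(flows):
    """Return (port, blocked_by_port_rule, blocked_by_inspection) per flow."""
    return [(f.dst_port, port_rule_blocks(f), inspection_blocks(f)) for f in flows]
```

The second flow is the case the post describes: a user moving the client below port 1024 passes the port rule but is still caught by the handshake match, while the third flow shows the port rule blocking legitimate traffic that inspection leaves alone.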