New Member

Blocking torrent on ASA

Hi,

I have an ASA5520 with 8.0 software. Is there any way to block torrents?

thanx,

Gregor

7 REPLIES
New Member

Re: Blocking torrent on ASA

The way I block all unwanted traffic is to specify (via ACL permits) the traffic that I want to allow, and thus everything else is blocked. Of course this is all linked to your corporate security policy, etc.

Not sure if that would work for your environment, but it has worked well for me. The only real downside is that when someone wants (needs) to connect to things that aren't specifically permitted you have to go in and modify the ACL as required.

New Member

Re: Blocking torrent on ASA

I know. I would have done the same for myself (or my company). But this is a request from a customer and I am not sure if the ASA even supports this. Funny: you can easily block IM (Yahoo or MS) but you can't block torrents, which consume a lot (or all) of the bandwidth.

Thanx ,)

Gregor

Silver

Re: Blocking torrent on ASA

If you want something to block torrents, get a Checkpoint firewall. SmartDefense is integrated into the Checkpoint firewall and can help you to do just that.

CCIE Security

Gold

Re: Blocking torrent on ASA

Or get an IPS module for your 5520. There are specific signatures to BT that can do exactly what you want. The problem with trying to block BT is that it can pretty much use any port.

Gold

Re: Blocking torrent on ASA

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6825/product_data_sheet0900aecd80404916_ps6120_Products_Data_Sheet.html

This is what I was referring to. There are two different models compatible with the 5520. One is around $4000 USD, the other around 7k.

Silver

Re: Blocking torrent on ASA

"The problem with trying to block BT is that it can pretty much use any port."

That's what an IPS is supposed to do: be able to detect these things. If the Cisco IPS module on the ASA 5520 cannot do that, then the IPS is completely useless. SmartDefense in CP can take care of this. If you don't want to use Checkpoint, you can go with Sourcefire, which can accomplish the same thing.

CCIE security
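
The point made in the replies above, that BitTorrent can use any port and has to be recognised by signature, shown as an added example (not part of the thread and not the logic of any Cisco, Check Point or Sourcefire signature). It compares a port-based rule with a match on the plaintext BitTorrent peer handshake; the sample flows, the port range treated as "classic" and all function names are constructed for illustration.

```python
PSTR = b"BitTorrent protocol"              # protocol string in the peer handshake
PREFIX = bytes([len(PSTR)]) + PSTR         # length byte 0x13, then the string
HANDSHAKE_LEN = len(PREFIX) + 8 + 20 + 20  # + reserved + info_hash + peer_id = 68
CLASSIC_BT_PORTS = range(6881, 6890)       # conventional default client ports


def parse_handshake(payload: bytes):
    """Return handshake fields if payload opens with a BT peer handshake, else None."""
    if not payload.startswith(PREFIX):
        return None
    if len(payload) < HANDSHAKE_LEN:
        # Signature matched but the segment is short: flag it, no fields yet.
        return {"complete": False, "info_hash": None, "peer_id": None}
    body = payload[len(PREFIX):HANDSHAKE_LEN]  # reserved(8) + info_hash(20) + peer_id(20)
    return {
        "complete": True,
        "info_hash": body[8:28].hex(),
        "peer_id": body[28:48],
    }


def classify(flows):
    """For each flow, report (dst_port, hit_by_port_rule, hit_by_payload_signature)."""
    results = []
    for dst_port, first_payload in flows:
        by_port = dst_port in CLASSIC_BT_PORTS
        by_sig = parse_handshake(first_payload) is not None
        results.append((dst_port, by_port, by_sig))
    return results


def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Build a handshake used only as constructed test data."""
    return PREFIX + bytes(8) + info_hash + peer_id


# Constructed flows: (destination port, first bytes sent by the client).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    (6881, make_handshake(b"\xaa" * 20, b"-XX0001-000000000001")),
    (443, make_handshake(b"\xbb" * 20, b"-XX0001-000000000002")),
    (6885, b"\x16\x03\x01\x00\x05hello"),  # non-BT bytes on a "classic" port
]

if __name__ == "__main__":
    for port, by_port, by_sig in classify(SAMPLE_FLOWS):
        print(f"dst_port={port:<5} port_rule={by_port!s:<5} payload_signature={by_sig}")
```

The port rule misses the handshake sent to port 443 and flags the unrelated flow on port 6885, while the payload match gets both right. It matches the plaintext peer handshake only.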

New Member

Re: Blocking torrent on ASA

Yeah. I asked just that....