Cisco Support Community
Bronze

How to block MSN file transfer only

I have an ASA firewall and I want to block users from transferring files in the MSN instant messenger. I know there is a feature in Application Policy that should take care of it, but it's not working. I've set the IM inspection and set the File-transfer to reset connection, but the users are still able to transfer files through it.

Any idea?

7 REPLIES

Re: How to block MSN file transfer only

MSN Messenger file transfers use TCP ports 6891-6900; try blocking these.

http://www.chebucto.ns.ca/~rakerman/port-table.html

Rgds

Jorge

Bronze

Re: How to block MSN file transfer only

I blocked those ports but it did not work.

Re: How to block MSN file transfer only

Correct, I was wrong. I tested it as well and it did not work. I guess this must be blocked through app layer protocol inspection rules; let me take a look and possibly lab this out.

Rgds

Jorge

Community Member

Re: How to block MSN file transfer only

Could you post the relevant section of your inspection config?

Bronze

Re: How to block MSN file transfer only

Sure, here it is:

class-map global-class
 match default-inspection-traffic
class-map type inspect im match-all IM_MSN
 match protocol msn-im yahoo-im
 match service file-transfer
class-map mss_ajust
 match access-list mss
class-map inside-class
 match access-list inside_mpc
class-map IPS_map
 match access-list IPS
class-map global-class1
 match access-list global_mpc
!
!
policy-map type inspect im IM_Map
 parameters
 match not service chat
  drop-connection log
policy-map IPS_policy
 class IPS_map
  ips inline fail-open
policy-map mss-http
 class mss_ajust
  set connection advanced-options mss-map
  inspect http
policy-map global-policy
 class global-class
  inspect im IM_Map
  inspect ftp
  inspect icmp
 class global-class1
  ips inline fail-open
  inspect im IM_Map
policy-map inside-policy
 description Block msn
 class inside-class
  inspect im IM_Map
!
service-policy global-policy global
service-policy mss-http interface outside
service-policy inside-policy interface inside

I have tried to drop the traffic that matches:

not chat

file transfer

None has worked.

Thanks

Community Member

Re: How to block MSN file transfer only

Thanks. Try replacing IM_Map as follows:

policy-map type inspect im IM_Map
 class IM_MSN
  drop-connection log

Community Member

Re: How to block MSN file transfer only

Did you manage to block the file transferring with that solution?
