blocking certain application / protocol traffic

bberry
Level 1

I have started tinkering with SDM and noticed that it has a feature for Netflow and Application/Protocol Traffic displays. I have been using my internet router as the test subject. I noticed that there appears to have been traffic such as edonkey, gnutella and vdolive applications the router had detected. Is there a way I can narrow down the usage of this traffic or block it on the router? I am running a feature set that allows firewall and IPS on the router?

Would it be better to block this traffic on the 4506 before it hits the PIX and the router, or simply block it on the router? I am thinking the router would be better because of the difference in processing power and the like.

Does the IPS feature set on the router work in an inline mode that I could use to block or manage the unwanted traffic?


mattiaseriksson
Level 3

You don't need IPS, it is much easier to use NBAR on your outside router (or any router between the source host and the Internet connection). NBAR can match specifically on p2p connections, which can then either be dropped completely or rate-limited.

A sample IOS-router NBAR configuration to drop gnutella packets:

! Classify Gnutella file transfers (the file-transfer keyword takes a quoted
! regular expression; "*" matches any file name)
class-map match-any p2p
 match protocol gnutella file-transfer "*"
!
! Drop everything that falls into the p2p class
policy-map block-p2p
 class p2p
  drop
!
! The policy only takes effect once it is attached to an interface
! (interface name is a placeholder for the LAN-facing interface)
interface <LAN-facing-interface>
 service-policy input block-p2p
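An added, fuller example (not from the reply above) that covers both parts of the question: NBAR protocol discovery to see which applications are actually using bandwidth, one class that is dropped outright and a second that is rate-limited with a policer, all applied inbound on the LAN-facing interface. The interface name FastEthernet0/0 and the 64 kbps policing rate are assumptions.

```cisco
! Added example, not the original poster's configuration.
! Interface name and 64000 bps rate are assumed values.
!
! Step 1: enable protocol discovery on the LAN-facing interface so
! "show ip nbar protocol-discovery" reports per-protocol byte and packet
! counts before anything is blocked.
interface FastEthernet0/0
 ip nbar protocol-discovery
!
! Step 2: traffic that is dropped outright
class-map match-any p2p-drop
 match protocol gnutella file-transfer "*"
 match protocol edonkey
!
! Step 3: traffic that is allowed but rate-limited
class-map match-any p2p-limit
 match protocol fasttrack file-transfer "*"
 match protocol bittorrent
!
! Step 4: policy combining both actions; the policer transmits packets that
! conform to 64 kbps and drops the excess
policy-map block-p2p
 class p2p-drop
  drop
 class p2p-limit
  police 64000 conform-action transmit exceed-action drop
!
! Step 5: attach the policy inbound on the same interface
interface FastEthernet0/0
 service-policy input block-p2p
!
! Verification:
!   show ip nbar protocol-discovery
!   show policy-map interface FastEthernet0/0
```

The second show command reports per-class match and drop counters, which is the quickest way to confirm the classes are catching the traffic seen in SDM.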