Cisco Support Community
Community Member

Cisco SA520 - Unable to block all torrents and Poor Performance

Hi, I have installed a Cisco SA520W Appliance at a Client who has about 40-50 PC's, the device has the latest firmware 2.1.7 and latest IPS signature (17) installed, the client is quite disappointed about the performance of the device as he believes Internet browsing access has slowed down substantially.

The main problem the client is encountering is that, he is unable to block Utorrent P2P software and this is not allowing him to retain Internet control from the SA520 appliance.

He had also commented on the fact that there does not appear to be a status monitor on IP usage of Internet access to pinpoint who at that time would be hogging up the bandwidth.

Any feedback, same encounters scenarios and possible fixes to the above issues would be appreciated.



Everyone's tags (1)
Community Member

Cisco SA520 - Unable to block all torrents and Poor Performance

You might find this thread interesting regarding the router's performance with IPS turned on.  An SA540, and an access point, would yield slightly better performance.  That's what we use.

There are some older threads regarding the SA500 series router's ability to detect torrent activity.  You might want to dig them up and respond to them.  The Cisco folks were working diligently at optimizing the IPS engine's ability to detect different types of torrent activity.

There is no way to monitor Internet access usage at the individual IP level that I am aware of.  I suggest turning on network logging (to a syslog server as there will be a lot of data to capture) and monitor traffic that way.  Kiwi Syslog Server has a free version that your client could use.

Community Member

Cisco SA520 - Unable to block all torrents and Poor Performance

Here is the thread I was talking about.  I suggest you contact Cisco SMB tech support and/or reply to this thread with more specifics (sample torrent file, torrent client(s) not being detected/dropped, etc).

Community Member

Re: Cisco SA520 - Unable to block all torrents and Poor Performa

Thanks Curtis Counsil much appreciated. So basically this seems to conclude that as yet IPS is a major component in performance degradation on the SA520, and we would need to be very diligent on applying these settings on the appliance.

Therefore I have been unable to find a resolultion on Utorrent blocking and will contact Cisco SMB tech support on the matter as I have noticed little material and support on the issue in concern,

Perhaps QOS on UTorrent is a viable candidate to limit bandwidth usage for in-appropiate content, rather than just using IPS per se.?

Community Member

Cisco SA520 - Unable to block all torrents and Poor Performance

We really need a Cisco tech support guy to come into this discussion (hint, hint ).

If your client isn't using any functionality from turning on IPS other than trying to prevent torrent activity, then I think there might be a better way to achieve this goal without turning on IPS.  QoS... I don't know.  That is where I would start, but I would have to research the h3ll out of it because I've never used it.  We don't use VoIP phones or video conferencing so we've really never had an need to turn on QoS.  If someone hogs all the bandwidth it's usually needed and short lived.  This router really does a good job of preventing any one device from hogging all the bandwidth anyway (when several other devices are on the Internet at the same time, even when they are downloading files, etc.).

We need a QoS expert to chime in.  Again, hint, hint. 

Community Member

Cisco SA520 - Unable to block all torrents and Poor Performance

I have a client who bought a SA 540 with the IPS and filtering package.  There are about 40 users on the network.  We setup a test, which blocked a certain group of users from all but a handful of sites.  Internet access ground to a halt.  We had to disable the filtering and IPS.

The client has since gone to Websense Filtering with the trial underway now.  It looks promising, but let's be honest.  Websense is much more expensive.  Nevertheless, it should do what you want it to do concerning P2P networking.  It has great reports and you can see who is going where with the directory integration it supports.

CreatePlease to create content