SRX Services Gateway
Trusted Contributor
Posts: 915
Registered: ‎08-10-2010
0 Kudos

Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

Hi all,

Currently I'm testing the Application-Firewall feature in vSRX D100. I'm following this URL: http://junosnotes.blogspot.my/2013/04/srx-application-firewall.html#more . When I just use Application-Firewall without custom IDP, torrent still works. So is it the case that, until now, SRX Application-Firewall still cannot block torrent without IDP? Another thing I see during the test: when we apply IDP, the current torrent session's download will decrease. But it will not totally block the torrent session at the same time. If I close the torrent client and then open it again, the session cannot connect. So it looks like it will not totally block the current torrent session. Is the behavior like this?

 

test@vSRX-LAB# run show configuration security application-firewall rule-sets Block-STEAM-P2P-FB
rule p2p-block {
    match {
        dynamic-application junos:UNSPECIFIED-ENCRYPTED;
        dynamic-application-group junos:p2p:file-sharing;
    }
    then {
        deny;
    }
}
rule steam-block {
    match {
        dynamic-application junos:STEAM-STORE;
    }
    then {
        deny;
    }
}
rule facebook-block {
    match {
        dynamic-application-group junos:web:social-networking:facebook;
    }
    then {
        deny;
    }
}
default-rule {
    permit;
}

 

test@vSRX-LAB# run show configuration security policies from-zone DMZ-ZONE to-zone UNTRUST-INTERNET policy PERMIT-ALL
match {
    source-address any;
    destination-address any;
    application any;
}
then {
    permit {
        application-services {
            idp;
            utm-policy mix-policy;
            application-firewall {
                rule-set Block-STEAM-P2P-FB;
            }
            security-intelligence-policy secintel-policy1;
            advanced-anti-malware-policy aamw_policy1;
        }
    }
    log {
        session-init;
        session-close;
    }
}

 

Thanks, and I appreciate any advice.

Distinguished Expert
Posts: 1,951
Registered: ‎06-06-2011
0 Kudos

Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

Take a look at this and see if it helps you:

https://forums.juniper.net/t5/SRX-Services-Gateway/blocking-torrent-and-p2p-traffic/td-p/43192

You can also use AppSecure, for which you can get a trial license, I think.

[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Trusted Contributor
Posts: 915
Registered: ‎08-10-2010
0 Kudos

Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

Hi lyndidon,

If I just use AppSecure, it will not block torrent. So based on the URL that you gave, it needs IDP together with it to block the torrent.

Thanks

Distinguished Expert
Posts: 1,951
Registered: ‎06-06-2011
0 Kudos

Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

Yes. AppSecure uses the IDP module. You can use IDP without AppSecure but must use AppSecure with IDP. The shows that utorrent can be blocked. Maybe I am not understanding the original question.
