Hello,
I think it's an IDP policy that you need to configure to look at P2P traffic; IDP uses Application Identification as a tool.
Have you tried to block P2P using the predefined P2P attack groups?
root> file show /var/db/idpd/sec-repository/attack-group.list | grep p2p | no-more
"Critical - P2P"
"Info - P2P"
"Major - P2P"
"Minor - P2P"
"Misc_Critical - P2P"
"Misc_Info - P2P"
"Misc_Major - P2P"
"Misc_Minor - P2P"
"Misc_P2P"
"Misc_P2P - All"
"Misc_P2P - Critical"
"Misc_P2P - Info"
"Misc_P2P - Major"
"Misc_P2P - Minor"
"Misc_P2P - Warning"
"Misc_Warning - P2P"
"P2P"
"P2P - All"
"P2P - Critical"
"P2P - Info"
"P2P - Major"
"P2P - Minor"
"P2P - Warning"
"Response_Critical - P2P"
"Response_Info - P2P"
"Response_Major - P2P"
"Response_Minor - P2P"
"Response_P2P"
"Response_P2P - All"
"Response_P2P - Critical"
"Response_P2P - Info"
"Response_P2P - Major"
"Response_P2P - Minor"
"Response_P2P - Warning"
"Response_Warning - P2P"
"Warning - P2P"
"[Recommended]Critical - P2P"
"[Recommended]Info - P2P"
"[Recommended]Major - P2P"
"[Recommended]Minor - P2P"
"[Recommended]Misc_Critical - P2P"
"[Recommended]Misc_Info - P2P"
"[Recommended]Misc_Major - P2P"
"[Recommended]Misc_Minor - P2P"
"[Recommended]Misc_P2P"
"[Recommended]Misc_P2P - All"
"[Recommended]Misc_P2P - Critical"
"[Recommended]Misc_P2P - Info"
"[Recommended]Misc_P2P - Major"
"[Recommended]Misc_P2P - Minor"
"[Recommended]Misc_P2P - Warning"
"[Recommended]Misc_Warning - P2P"
"[Recommended]P2P"
"[Recommended]P2P - All"
"[Recommended]P2P - Critical"
"[Recommended]P2P - Info"
"[Recommended]P2P - Major"
"[Recommended]P2P - Minor"
"[Recommended]P2P - Warning"
"[Recommended]Response_Critical - P2P"
"[Recommended]Response_Info - P2P"
"[Recommended]Response_Major - P2P"
"[Recommended]Response_Minor - P2P"
"[Recommended]Response_P2P"
"[Recommended]Response_P2P - All"
"[Recommended]Response_P2P - Critical"
"[Recommended]Response_P2P - Info"
"[Recommended]Response_P2P - Major"
"[Recommended]Response_P2P - Minor"
"[Recommended]Response_P2P - Warning"
"[Recommended]Response_Warning - P2P"
"[Recommended]Warning - P2P"
Your IDP policy should look like this:
set security idp idp-policy <policy-name> rulebase-ips rule <rule-name> match attacks predefined-attack-groups <predefined P2P attack group name from list above>
set security idp idp-policy <policy-name> rulebase-ips rule <rule-name> match application default
set security idp idp-policy <policy-name> rulebase-ips rule <rule-name> then action drop-packet
Hope the above makes sense.
Rgds
Alex