SRX Services Gateway

Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

‎09-07-2017 08:54 AM

Hi all,

Currently I'm testing the Application-Firewall feature in vSRX D100. I'm following this URL: http://junosnotes.blogspot.my/2013/04/srx-application-firewall.html#more. When I just use Application-Firewall without IDP custom, torrent still works. So is it that until now SRX Application-Firewall still cannot block torrent without IDP? Another thing that I saw during the test: when we apply IDP, the current torrent download session will decrease. But it will not totally block the torrent session at the same time. If I close the torrent client and then open it again, the session cannot connect. So it looks like it will not totally block the current torrent session. Is the behavior like this?

test@vSRX-LAB# run show configuration security application-firewall rule-sets Block-STEAM-P2P-FB
rule p2p-block {
    match {
        dynamic-application junos:UNSPECIFIED-ENCRYPTED;
        dynamic-application-group junos:p2p:file-sharing;
    }
    then {
        deny;
    }
}
rule steam-block {
    match {
        dynamic-application junos:STEAM-STORE;
    }
    then {
        deny;
    }
}
rule facebook-block {
    match {
        dynamic-application-group junos:web:social-networking:facebook;
    }
    then {
        deny;
    }
}
default-rule {
    permit;
}

test@vSRX-LAB# run show configuration security policies from-zone DMZ-ZONE to-zone UNTRUST-INTERNET policy PERMIT-ALL
match {
    source-address any;
    destination-address any;
    application any;
}
then {
    permit {
        application-services {
            idp;
            utm-policy mix-policy;
            application-firewall {
                rule-set Block-STEAM-P2P-FB;
            }
            security-intelligence-policy secintel-policy1;
            advanced-anti-malware-policy aamw_policy1;
        }
    }
    log {
        session-init;
        session-close;
    }
}

Thanks and appreciate any advice.

3 REPLIES

Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

‎09-07-2017 11:41 PM

Take a look at this and see if it helps you

https://forums.juniper.net/t5/SRX-Services-Gateway/blocking-torrent-and-p2p-traffic/td-p/43192

You can also use AppSecure, which you can get a trial license for, I think.


Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

‎09-07-2017 11:47 PM

Hi lyndidon,

If I just use AppSecure it will not block torrent. So based on the URL that you gave, it needs IDP together to block the torrent.

Thanks


Re: Application-Firewall cannot block torrent (utorrent) if not combine with IDP?

‎09-08-2017 09:56 AM

Yes. AppSecure uses the IDP module. You can use IDP without AppSecure but must use AppSecure with IDP. The shows that utorrent can be blocked. Maybe I am not understanding the original question.
