Solved

Best ASA Setup to block most traffic

Posted on 2012-03-31
Last Modified: 2012-04-23
Hi,

I've attempted to block bit torrents, but it seems a never-ending battle. So, I'm thinking of blocking ALL traffic in/out apart from specific ports. Is this a good idea?

Aside from HTTP/HTTPS/SNTP/SMTP/POP3 is there anything else I should open?
Question by:radiosupport
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790212
Have you tried blocking the individual sites that the users are getting the information from?

If they can't find the correct seed info, they shouldn't be able to download. Also, if you monitor it closely, you can find out who is doing it and file a disciplinary action.

I'm not sure if this will help, but you may be able to adapt what this article is saying and use it on your ASA: Block the Peer-to-Peer (P2P) and Instant Messaging (IM) Traffic Using MPF Configuration Example

It may take a little bit of work, but it looks like it may solve your problem.

Btw, do you also have a web filter (Barracuda)?
 

Author Comment

by:radiosupport
ID: 37790214
Hi,

Thanks. Our issue is with laptop users. They commence the download of the torrent off site (therefore bypassing any URL filtering), then bring the laptop into work to use our bandwidth!

I "can" go down the disciplinary action, but I'm also after a quick fix...

We don't have a Barracuda, we use the CSC-SSM module.

Is my suggestion of locking down almost everything not really feasible?
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790231
Pretty much, I'm pretty sure they can use those ports for torrenting just by switching up their configurations.

In CSC-SSM, have you tried the URL Filtering feature to block P2P?
 
LVL 2

Expert Comment

by:Sirjacksinurbox
ID: 37790563
My apologies, I actually realized that p2p traffic (not the site traffic, but the protocols) are layer 7 protocols.

I'm not sure that you would be able to block stuff like that on your network with an ASA. The most you could do would be to block the website.

Unless I'm missing something on the interwebs, your best bet would be to catch them in the act of downloading, and then narrow it down to them and forward it on to HR/Managers. Someone will have an example made of them and then it should stop.

A policy that we used at a place I used to work at was if they were caught using p2p on our networks, we would shut off their port to the outside world, only giving them local access to the network.

Sorry I couldn't be of more help. Good luck.
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 37791750