I want to block torrents in my environment. To achieve this, the Application Control feature of MWG 7.1.6 was used. When I test it in explicit mode it works fine, but in transparent bridge mode it doesn't work. Please help me with this!
Cycle: request, response, embedded all enabled
criteria: application.name: p2p
TCP dump in transparent mode is attached
There is little to no HTTP traffic at all on that trace, other than some tracker connections.
All the traffic you are seeing is UDP BitTorrent traffic that actually does the file transfers.
MWG does not handle anything other than HTTP web traffic, not the non-web traffic that BitTorrent uses.
You would have to block all outgoing traffic from the client to the internet at the firewall to control non-web traffic. Or use a firewall that can identify applications like BitTorrent and Skype and block them accordingly (like the McAfee Firewall).
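To make the split described in the reply above concrete, here is an added example (not part of the original thread, and not MWG's own detection logic) that labels packet payloads and counts how many an HTTP-only gateway could act on. The markers come from the public BitTorrent specifications; the function names and the sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

# Protocol markers from the public BitTorrent specs (BEP 3, 5, 15).
BT_HANDSHAKE = b"\x13BitTorrent protocol"     # peer handshake prefix
UDP_TRACKER_MAGIC = 0x41727101980             # UDP tracker connect protocol_id
DHT_KEYS = (b"1:y1:q", b"1:y1:r", b"1:y1:e")  # bencoded KRPC message type


def classify(proto, payload):
    """Return (label, is_http) for one transport payload."""
    if proto == "tcp":
        first_line = payload.split(b"\r\n", 1)[0]
        # HTTP tracker announce: the only piece an HTTP proxy can inspect.
        if first_line.startswith(b"GET ") and b"info_hash=" in first_line:
            return "http-tracker", True
        if payload.startswith(BT_HANDSHAKE):
            return "bt-peer-tcp", False
    elif proto == "udp":
        # UDP tracker connect: protocol_id (8), action 0 (4), transaction id (4).
        if len(payload) >= 16:
            magic, action = struct.unpack(">QI", payload[:12])
            if magic == UDP_TRACKER_MAGIC and action == 0:
                return "udp-tracker", False
        # DHT: a bencoded dictionary carrying a KRPC "y" key.
        if payload[:1] == b"d" and payload[-1:] == b"e" and any(k in payload for k in DHT_KEYS):
            return "dht", False
    return "other", False


def summarize(packets):
    """Count labels and how many packets an HTTP-only gateway could act on."""
    results = [classify(proto, payload) for proto, payload in packets]
    labels = Counter(label for label, _ in results)
    return dict(labels), sum(is_http for _, is_http in results)


# Constructed sample payloads (not taken from the attached trace).
SAMPLE = [
    ("tcp", b"GET /announce?info_hash=%AA%BB&port=6881 HTTP/1.1\r\nHost: tracker.example\r\n\r\n"),
    ("tcp", BT_HANDSHAKE + bytes(8) + bytes(20) + b"-XX0000-abcdefghijkl"),
    ("udp", struct.pack(">QII", UDP_TRACKER_MAGIC, 0, 0x12345678)),
    ("udp", b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"),
    ("udp", b"\x00\x01\x02\x03"),
]
print(summarize(SAMPLE))
```

Only the `http-tracker` entry is HTTP; the peer, UDP tracker and DHT payloads are the kind of traffic that has to be handled at the firewall.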
Thanks for the reply!
But then why does torrent blocking work when I use explicit mode? This UDP traffic would still be generated from the client...
How does the application blocking feature work in the case of the p2p definition? What check does the engine make to find p2p traffic over the web?