Blocking P2P And File Sharing

Cisco Meraki Access Points and Security Appliances have the capability of creating Layer 7 firewall rules.  These rules make the job of a network administrator easier by giving a verbose description of what will be blocked. These rules can be created and applied:

• For all devices on the network using network-wide layer 7 rules.
• For specific devices via group policies.

Below is an example of three layer 7 rules configured to block all peer-to-peer traffic and assorted file sharing:

This example only blocks specific services/protocols, while still allowing some desired services:

While the specific rules to implement will be dependent on the environment, the general recommendation for blocking unwanted P2P traffic is to use the rules for:

• Peer-to-peer (P2P) > All Peer-to-peer (P2P)
  This includes websites that torrents can be obtained from. Stopping the bigger named websites goes a long way in stopping torrenting.
• Web file sharing > All Web file sharing
  This rule does not stop people from actually downloading the torrent file and having it on their computer.  What it does do is make the user incapable of starting the connection with the peer to continue or start the download of the shared content.

Note: File sharing programs, such as BitTorrent, are now able to be configured to encrypt traffic as secure HTTPS, potentially bypassing P2P traffic shaping rules that have been configured. Cisco Meraki MX Security Appliances and Wireless APs are capable of detecting some of the encrypted P2P traffic on the network. When encrypted P2P traffic is detected, it will be matched to any configured P2P traffic shaping rules, and honor the limitations that have been configured.  However, if the traffic is encrypted, it may not be possible to accurately classify all of the offending traffic.