Home > Security Appliances > Firewall and Traffic Shaping > Blocking P2P And File Sharing

Blocking P2P And File Sharing

Table of contents
No headers

Cisco Meraki Access Points and Security Appliances have the capability of creating Layer 7 firewall rules.  These rules make the job of a network administrator easier by giving a verbose description of what will be blocked. These rules can be created and applied:

 

Below is an example of three layer 7 rules configured to block all peer-to-peer traffic and assorted file sharing:

 

This example only blocks specific services/protocols, while still allowing some desired services:

 

While the specific rules to implement will be dependent on the environment, the general recommendation for blocking unwanted P2P traffic is to use the rules for:

  • Peer-to-peer (P2P) > All Peer-to-peer (P2P)
    This includes websites that torrents can be obtained from. Stopping the bigger named websites goes a long way in stopping torrenting.
  • Web file sharing > All Web file sharing
    This rule does not stop people from actually downloading the torrent file and having it on their computer.  What it does do is make the user incapable of starting the connection with the peer to continue or start the download of the shared content.

 

Note: File sharing programs, such as BitTorrent, are now able to be configured to encrypt traffic as secure HTTPS, potentially bypassing P2P traffic shaping rules that have been configured. Cisco Meraki MX Security Appliances and Wireless APs are capable of detecting some of the encrypted P2P traffic on the network. When encrypted P2P traffic is detected, it will be matched to any configured P2P traffic shaping rules, and honor the limitations that have been configured.  However if the traffic is encrypted, it may not be possible to accurately classify all of the offending traffic.

You must to post a comment.
Last modified

Tags

Classifications

This page has no classifications.

Explore the Product

Click to Learn More

Article ID

ID: 2274

Explore Meraki

You can find out more about Cisco Meraki on our main site, including information on products, contacting sales and finding a vendor.

Explore Meraki

Contact Support

Most questions can be answered by reviewing our documentation, but if you need more help, Cisco Meraki Support is ready to work with you.

Open a Case

Ask the Community

In the Meraki Community, you can keep track of the latest announcements, find answers provided by fellow Meraki users and ask questions of your own.

Visit the Community