
Cisco Meraki Documentation

How to Block P2P And File Sharing

Introduction  

This how-to guide explains steps to configure Layer 7 firewall rules in the Meraki dashboard to block peer-to-peer (P2P) and file-sharing traffic. Blocking P2P and file-sharing traffic helps restrict access to unsupported or unauthorized applications and services. These rules can be applied: 

 

In certain circumstances, Traffic Analytics may report traffic that should be blocked by the Layer 7 firewall. This occurs most often with encrypted P2P traffic.  

Refer to the Additional Information section to learn more about Layer 7 firewall flow processing and traffic classification behavior. 

Prerequisites  

  • An MX security appliance or MR access point that supports Layer 7 firewall rules  

  • An active Meraki license for the supported device  

  • Access to the Meraki dashboard to configure firewall rules 

Step-by-step instructions  

  1. Select the dashboard network where the rule is to be configured.  

  2. Navigate to:  

     • Wireless > Configure > Firewall and traffic shaping (wireless networks)  

     • Security & SD-WAN > Configure > Firewall (WAN appliances)  

  3. For wireless networks, select the SSID for the firewall rule.  

  4. Under Layer 7 firewall rules, click Add a layer 7 firewall rule.  

  5. Depending on the environment, use the drop-down menus to select one or more of the following application categories to block, as required: 

  • Peer-to-peer (P2P) > All Peer-to-peer (P2P)  

  • Web file sharing > All Web file sharing  

The Peer-to-peer (P2P) > All Peer-to-peer (P2P) rules include websites where torrent files can be obtained. 

The Web file sharing > All Web file sharing rules do not prevent users from downloading torrent files to their devices. However, they prevent users from establishing the peer connections required to start or continue downloading shared content. 

  6. Click Save Changes.  

Below is an example of Layer 7 firewall rules configured to block all peer-to-peer traffic and assorted file-sharing traffic. 

Screenshot showing layer 7 rules configured to block all P2P and file sharing traffic

 

This example only blocks specific services/protocols, while still allowing some desired services:

Screenshot showing layer 7 rules configured to block specific P2P and file sharing traffic
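The same category-level deny rules can be pushed without the dashboard UI. The script below is an added example, not Meraki's own code: it uses the public Dashboard API v1 endpoints for a network's appliance Layer 7 rules (the wireless equivalent lives under the SSID's firewall path and takes the same rule shape), looks the category ids up by the names shown in the guide instead of hard-coding them, merges the new rules with whatever is already configured (the PUT replaces the whole list), and then performs the Verification step by reading back what was stored. The environment variable names are placeholders you choose yourself; the category ids in any sample data are constructed.

```python
"""Block the P2P and Web file sharing categories via the Meraki Dashboard API v1.

Added example (not Meraki's code). Only the standard library is used so it runs
anywhere; the pure helpers can be exercised offline without an API key.
"""
import json
import os
import urllib.request
from typing import Iterable, List, Dict

BASE_URL = "https://api.meraki.com/api/v1"

# Category names exactly as the dashboard lists them (see the steps above).
CATEGORIES_TO_BLOCK = ("Peer-to-peer (P2P)", "Web file sharing")


def build_rules(categories: List[Dict], names: Iterable[str]) -> List[Dict]:
    """Turn application categories (shape of the .../applicationCategories
    response) into 'deny' rules. A category-level rule is the API form of
    picking '<Category> > All <Category>' in the UI. An unknown name raises,
    so a typo cannot silently yield an empty rule set."""
    by_name = {c["name"]: c for c in categories}
    rules = []
    for name in names:
        if name not in by_name:
            raise KeyError(f"unknown application category: {name!r}")
        cat = by_name[name]
        rules.append({"policy": "deny", "type": "applicationCategory",
                      "value": {"id": cat["id"], "name": cat["name"]}})
    return rules


def merge_rules(existing: List[Dict], new: List[Dict]) -> List[Dict]:
    """PUT replaces the entire list, so keep existing rules and add only the
    new ones that are not already present (keyed on type + value id)."""
    seen = {(r["type"], r["value"]["id"]) for r in existing}
    merged = list(existing)
    for r in new:
        if (r["type"], r["value"]["id"]) not in seen:
            merged.append(r)
            seen.add((r["type"], r["value"]["id"]))
    return merged


def verify_blocked(stored_rules: List[Dict], names: Iterable[str]) -> bool:
    """Verification: every requested category has a stored deny rule."""
    denied = {r["value"]["name"] for r in stored_rules
              if r.get("policy") == "deny" and r.get("type") == "applicationCategory"}
    return all(n in denied for n in names)


def _call(method: str, url: str, api_key: str, body=None):
    """Minimal JSON request helper for the Dashboard API."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "X-Cisco-Meraki-API-Key": api_key,
        "Content-Type": "application/json",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def apply_to_network(api_key: str, network_id: str,
                     names: Iterable[str] = CATEGORIES_TO_BLOCK) -> bool:
    """Fetch categories and current rules, add the deny rules, read back."""
    base = f"{BASE_URL}/networks/{network_id}/appliance/firewall/l7FirewallRules"
    categories = _call("GET", base + "/applicationCategories", api_key)["applicationCategories"]
    current = _call("GET", base, api_key)["rules"]
    wanted = merge_rules(current, build_rules(categories, names))
    stored = _call("PUT", base, api_key, {"rules": wanted})["rules"]
    return verify_blocked(stored, names)


if __name__ == "__main__":
    # MERAKI_API_KEY / MERAKI_NETWORK_ID are placeholder variable names.
    ok = apply_to_network(os.environ["MERAKI_API_KEY"], os.environ["MERAKI_NETWORK_ID"])
    print("P2P and web file sharing denied:", ok)
```

Because the PUT is a full replacement, always read the current rule list first; pushing only the two new rules would silently delete any other Layer 7 rules on the network.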

Note: File-sharing programs such as BitTorrent can now be configured to encrypt their traffic so that it resembles HTTPS, potentially bypassing the P2P traffic shaping rules that have been configured. Cisco Meraki MX Security Appliances and Wireless APs are capable of detecting some of the encrypted P2P traffic on the network. When encrypted P2P traffic is detected, it is matched to any configured P2P traffic shaping rules and the configured limitations are honored. However, if the traffic is encrypted, it may not be possible to accurately classify all of the offending traffic.

Verification 

  • The configured Layer 7 firewall rules are listed on the firewall configuration page 

  • Peer-to-peer (P2P) and web file-sharing traffic is blocked successfully 

Additional information 

This section explains how the Layer 7 firewall operates and makes blocking decisions about observed traffic. 

What is a flow? 

A flow is defined by the firewall as one connection socket. Each port used in communication between a source and destination pair is considered one socket. 

For example, communication between 10.1.1.1 on port 234 and 10.2.2.2 on port 432 is considered one socket. 

Blocking a flow with a Layer 7 firewall 

The Layer 7 firewall performs blocking operations per traffic flow. The requirements for the firewall to make a blocking decision depend on how the traffic is classified. 

For encrypted P2P traffic, the firewall examines up to 200 packets in the upload direction before making a blocking decision and interrupting the flow. If the traffic is classified by the traffic analyzer before the flow is interrupted, the transferred data will appear in Traffic Analytics as P2P traffic. 

An example of this can be seen below: 

Screenshot: Encrypted P2P example (Traffic Analytics showing encrypted P2P traffic)

In this example, encrypted P2P traffic appears in Traffic Analytics because data was transferred before the firewall completed traffic classification and interrupted the flow. 

As a result, some encrypted P2P traffic may temporarily appear in Traffic Analytics before Layer 7 firewall blocking is enforced.  
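The following is an added model of the per-flow behaviour described in this section; it is not Meraki firmware and makes no claim about how the appliance classifies packets internally. It keys flows on the connection socket defined above, inspects upload-direction packets with a budget of 200, and blocks a flow the moment the (constructed) classifier labels it P2P. The bytes forwarded before that moment are what would show up in Traffic Analytics; a flow the classifier cannot label within the budget is never blocked, which is the caveat about encrypted traffic. The classifier, port numbers, packet sizes and thresholds are all constructed for the illustration.

```python
"""Per-flow Layer 7 blocking model (added illustration, not Meraki code)."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_UPLOAD_PACKETS = 200  # inspection budget in the upload direction, per the guide

Socket = Tuple[str, int, str, int]


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    size: int
    upload: bool  # True when the client sends toward the remote peer


@dataclass
class FlowState:
    inspected: int = 0            # upload packets examined so far
    bytes_forwarded: int = 0      # what Traffic Analytics would account
    blocked: bool = False
    verdict: Optional[str] = None


def socket_key(p: Packet) -> Socket:
    """One flow = one socket: the (ip, port) pair at each end, in a fixed order
    so that both directions of the same connection map to the same flow."""
    lo, hi = sorted([(p.src_ip, p.src_port), (p.dst_ip, p.dst_port)])
    return (lo[0], lo[1], hi[0], hi[1])


class L7Firewall:
    def __init__(self, classifier: Callable[[Socket, FlowState], Optional[str]],
                 budget: int = MAX_UPLOAD_PACKETS):
        self.classifier = classifier
        self.budget = budget
        self.flows: Dict[Socket, FlowState] = {}

    def process(self, p: Packet) -> str:
        key = socket_key(p)
        st = self.flows.setdefault(key, FlowState())
        if st.blocked:
            return "drop"                       # flow already interrupted
        if p.upload and st.verdict is None and st.inspected < self.budget:
            st.inspected += 1
            st.verdict = self.classifier(key, st)
            if st.verdict == "p2p":
                st.blocked = True               # decision made: interrupt now
                return "drop"
        st.bytes_forwarded += p.size            # passed before any decision
        return "forward"

    def report(self) -> Dict[Socket, Dict]:
        return {k: {"verdict": s.verdict, "blocked": s.blocked,
                    "bytes_forwarded": s.bytes_forwarded, "inspected": s.inspected}
                for k, s in self.flows.items()}


# Constructed stand-in classifier: a flow on port 6881 is recognised as P2P after
# 50 upload packets; one on port 6882 would need 250, more than the budget allows.
PACKETS_NEEDED = {6881: 50, 6882: 250}


def demo_classifier(key: Socket, st: FlowState) -> Optional[str]:
    for port in (key[1], key[3]):
        if port in PACKETS_NEEDED and st.inspected >= PACKETS_NEEDED[port]:
            return "p2p"
    return None


def build_demo_traffic() -> List[Packet]:
    """Constructed traffic: one detectable P2P flow, one HTTPS flow, one P2P
    flow that stays unclassified within the budget."""
    pkts = [Packet("10.1.1.1", 50000, "10.2.2.2", 6881, 1400, True) for _ in range(60)]
    pkts += [Packet("10.1.1.1", 50001, "10.2.2.3", 443, 500, True) for _ in range(30)]
    pkts += [Packet("10.2.2.3", 443, "10.1.1.1", 50001, 1200, False) for _ in range(30)]
    pkts += [Packet("10.1.1.1", 50002, "10.2.2.4", 6882, 1000, True) for _ in range(300)]
    return pkts


def run_demo() -> Dict[Socket, Dict]:
    fw = L7Firewall(demo_classifier)
    for p in build_demo_traffic():
        fw.process(p)
    return fw.report()


if __name__ == "__main__":
    for key, info in run_demo().items():
        print(key, info)
```

The number that matters to a defender is bytes_forwarded on the blocked flow: it is bounded by the inspection budget times the packet size, which is why a little P2P data appears in Traffic Analytics even when the rule works. The flow that exceeds the budget without a verdict is forwarded in full, matching the note that encrypted traffic may not all be classified.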
