I have the below config in ASA for diverting traffic to IPS module.
But still im unable to block as well as not able to see torrentz traffic in IDM logs, by checking on IDM logs and "show event past 00:00:10".
access-list ips_acl_1 extended permit ip any any
ciscoasa# show run | begin class-map
match access-list ips_acl_1
ips inline fail-open
service-policy ips_policy_map1 interface outside
In IPS, Sig0 > P2P > Torrentz > I have selected all the signaures.
In the Configuration->IPS Policy, select the VS and click edit, Here we have blocked only High Risk alerts, and Medium and Low it was just "packet logging"
Can anybody revert to me please..
Last time I tested Cisco's ability to block Bit Torrent traffic (about 2 years ago) it was unable to detect encrypted Bit Torrent traffic.
Are you getting any hits on your existing torrent sigs?