03-11-2020 06:13 AM
Hi all,
On an ASA5525-X, how do I determine how much traffic is from streaming services, Netflix, Spotify, YouTube and so on, and how to effectively deny the traffic, if any? The use case would be how to limit AnyConnect users so they don't consume unnecessary ASA bandwidth/compute on streaming services.
Kind regards,
Michael
03-11-2020 06:58 AM
If you have set up NetFlow, you can view how much bandwidth each application/service is using.
If you are looking to restrict VPN user bandwidth, you can start implementing QoS on the network for the AnyConnect users.
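An added example, not part of the reply above: one way to turn exported flow records into a per-service byte count for AnyConnect clients. The CSV layout, the VPN pool `10.99.0.0/24` and the prefix-to-service table are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import Counter

# Assumption: the AnyConnect address pool (constructed value).
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
# Assumption: destination prefix -> service label, built here from RFC 5737
# documentation ranges. Real prefixes must come from your own DNS or proxy logs.
SERVICE_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): "video-streaming",
    ipaddress.ip_network("203.0.113.0/25"): "music-streaming",
}
# Constructed sample of collector output: src,dst,dst_port,bytes
SAMPLE_FLOWS = """\
10.99.0.11,198.51.100.20,443,734003200
10.99.0.11,192.0.2.10,443,5242880
10.99.0.12,203.0.113.5,443,94371840
10.99.0.12,203.0.113.200,443,1048576
10.20.1.5,198.51.100.20,443,314572800
10.99.0.13,198.51.100.77,443,209715200
"""

def classify(dst):
    """Return the label of the longest matching prefix, or 'other'."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in SERVICE_PREFIXES if addr in n]
    best = max(hits, key=lambda n: n.prefixlen, default=None)
    return SERVICE_PREFIXES[best] if best is not None else "other"

def vpn_usage(flow_csv):
    """Sum bytes per service and per (client IP, service) for VPN-pool sources."""
    by_service, by_user = Counter(), Counter()
    for src, dst, _port, nbytes in csv.reader(io.StringIO(flow_csv)):
        if ipaddress.ip_address(src) not in VPN_POOL:
            continue  # not an AnyConnect client, ignore
        label = classify(dst)
        by_service[label] += int(nbytes)
        by_user[(src, label)] += int(nbytes)
    return by_service, by_user

def streaming_share(by_service):
    """Fraction of VPN-pool bytes sent to labelled streaming prefixes."""
    total = sum(by_service.values())
    return (total - by_service["other"]) / total if total else 0.0

if __name__ == "__main__":
    services, _ = vpn_usage(SAMPLE_FLOWS)
    print(dict(services), f"streaming share: {streaming_share(services):.1%}")
```

The per-client counter shows which pool addresses account for the volume, which is the input a QoS or split-tunnel decision needs.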
03-11-2020 07:11 AM
03-11-2020 07:19 AM
QoS you can do that based on your priority test will be low preferred.
03-11-2020 10:02 AM
Hi,
For AnyConnect users, you could use split-tunnelling, so all unneeded traffic is routed directly to the local breakout, instead of the VPN tunnel. This would be the best option.
Now to really stand a chance and block that traffic in case you don't want split-tunnelling, or for your internal users, you would need a smart proxy deployed, or you could use MPF on the ASA (but this is far from being bulletproof):
! Match the HTTP Host header against a regex in an HTTP inspection class-map
regex NETFLIX_HOST "netflix\.com"
class-map type inspect http match-all NETFLIX
 match request header host regex NETFLIX_HOST
Regards,
Cristian Matei.
03-11-2020 12:22 PM
03-11-2020 02:13 PM
Hi,
You would need to do URL Filtering and/or app blocking. For example Cisco WSA is one such proxy; you may not be able to block everything which is tunnelled over HTTP/HTTPS with the basic functionality, but with some advanced tuning you'll make it.
Regards,
Cristian Matei.