10-15-2015 07:53 PM - edited 03-11-2019 11:45 PM
Hello Experts,
I need help. In my network I have an ASA5505 running with several ACLs for several other purposes. Is it possible to block BITTORRENT data transmission using the ASA5505 alone? Or do I need to have any other firewalls/software along with the ASA5505 to block it?
I have noticed some basic port usage by the torrent client, and based on that I have created the following ACEs, but they seem to be of no use: even though torrent transmissions are sometimes disrupted, it is mostly still communicating.
10 deny tcp any any eq 6969 (5984 matches)
20 deny udp any any eq 80 (115784 matches)
30 deny udp any any eq 1337 (1284 matches)
40 permit ip any any (5905084 matches)
Please help me or advise me regarding how I can stop BITTORRENT transmission on a full-swing.
Thanks in advance.
Samrat Bose.
10-15-2015 09:21 PM
Hi Samrat,
As BITTORRENT hops ports while downloading data, it is difficult to block it with ACLs.
You require application identification to identify BITTORRENT traffic. You can read more about FirePOWER services, which can identify applications to control traffic.
Thanks,
R.Seth
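An added example (not part of the original thread and not Cisco code) illustrating the reply above: the port ACL from the question only catches flows on its three listed ports, while matching the cleartext BitTorrent peer handshake, UDP tracker connect and DHT messages identifies the traffic on any port. The sample flows and the ports outside the ACL are constructed; encrypted BitTorrent sessions would not match these signatures.

```python
import struct

# Ports denied by the ACL in the original post: (protocol, destination port).
ACL_DENY = {("tcp", 6969), ("udp", 80), ("udp", 1337)}

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # pstrlen=19 + pstr, start of a peer connection
UDP_TRACKER_MAGIC = 0x41727101980          # protocol_id in a BEP 15 connect request


def acl_blocks(proto, dport):
    """Port-based decision, as the ACL makes it."""
    return (proto, dport) in ACL_DENY


def identify_bittorrent(proto, payload):
    """Return the BitTorrent message type seen in a cleartext payload, or None."""
    if proto == "tcp" and payload.startswith(BT_HANDSHAKE) and len(payload) >= 68:
        return "peer-handshake"
    if proto == "udp":
        if len(payload) == 16:
            magic, action = struct.unpack(">QI", payload[:12])
            if magic == UDP_TRACKER_MAGIC and action == 0:
                return "udp-tracker-connect"
        # DHT (BEP 5): bencoded dict carrying a "y" key set to q, r or e.
        if payload[:1] == b"d" and payload[-1:] == b"e":
            i = payload.find(b"1:y1:")
            if i != -1 and payload[i + 5:i + 6] in (b"q", b"r", b"e"):
                return "dht"
    return None


# Constructed sample flows: (protocol, destination port, first payload bytes).
SAMPLES = [
    ("tcp", 6969, BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"P" * 20),
    ("tcp", 51413, BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"P" * 20),
    ("udp", 45000, struct.pack(">QII", UDP_TRACKER_MAGIC, 0, 0x1234)),
    ("udp", 6881, b"d1:ad2:id20:" + b"A" * 20 + b"e1:q4:ping1:t2:aa1:y1:qe"),
    ("tcp", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),
]


def compare(samples=SAMPLES):
    """Pair the port-only verdict with the payload verdict for each flow."""
    return [(p, port, acl_blocks(p, port), identify_bittorrent(p, data))
            for p, port, data in samples]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

Only the first flow is denied by the ACL, although four of the five carry BitTorrent messages.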
10-15-2015 10:45 PM
Thank you for the advice, sincerely. Can you please tell me any other facts related to this FirePOWER? Although I'll google it.
10-15-2015 11:09 PM
Hi Samrat,
So basically FirePOWER is the next-gen firewall service which Cisco offers.
You can run FirePOWER on any 5500-X ASA. New firewalls such as 5506, 5508, 5516 come pre-loaded with FirePOWER.
For more details you may refer to:
http://www.cisco.com/c/en/us/products/collateral/security/asa-5500-series-next-generation-firewalls/datasheet-c78-733916.html
http://www.cisco.com/c/en/us/products/security/asa-firepower-services/models-comparison.html
Hope it helps!!!
Thanks,
R.Seth
Mark the answer as correct if it helps in resolving your query!!!
10-15-2015 11:42 PM
Hi, it seems like I cannot use this with my 5505 firewall, because (if I'm not wrong) the datasheet mentions that FirePower is applicable from 5506-X onwards.
10-16-2015 12:01 AM
Yes, you are right. The 5506 can be compared to the old 5505 firewall in terms of capacity.
Thanks,
R.Seth