06-06-2012 02:04 PM
I would like to block everything in the file-sharing subcategory of the general-internet category. Currently we are allowing this subcategory.
I would like to see what the impact of a policy like this would be, so I setup a policy for this subcategory but set it to allow so I can look at the traffic log for everything that triggers on this rule. I am seeing a lot of traffic hit this policy probably because I had to add so many applications to the rule (like web-browsing & ssl) so that the packets can be broken down further.
Is there a recommended way to block this traffic?
06-06-2012 03:11 PM
Hi...You can run a report on your network to see what apps would match the subcategory. This will give you an idea of the policy you want to enforce. The report setting can be:
timeframe: last 7 days
database: Application Statistics
filter: (subcategory-of-name eq file-sharing)
Typically, most enterprises would block file-sharings that are peer-2-peer like bittorrent & gnutella. May we suggest that you start with that. Thanks.
06-12-2012 07:29 AM
I ran a report on sub-category of file-sharing and it shows me that bittorrent (for example) is being used. Now how do I find out who is using bittorrent?
06-12-2012 11:30 PM
If you have userid configured you should see a username aswell, otherwise at least the srcip.
You can use the same rule in ACC to get this data (dont forget to change timeline otherwise you will watch just last hour or such).
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
