Blocking P2P & IM Traffic

[spootnicks]

Hi,
I have enabled the Application Intelligence > Web > HTTP Protocol Inspection > Peer to Peer blocking.

But that seems not to work. From the internal environment I am still able to run MSN. I have also tried creating a policy in the rule base stating the following:

Source = ANY Destination = ANY Service = Messenger_Applications, P2P_File_Sharing_Applications, MSNP

And that still doesn't make a difference. I am still able to access MSN.

Any thoughts?

[chillyjim]

Version and HFA?
Have you updated your SMDF? The P2P/IM stuff is a moving target so you really have to keep SMDF up to date.

[spootnicks]

This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_15, Hotfix 528 - Build 003
------------------------------------------------------

What is SMDF? and how do I updated it?

[chillyjim]

Quote:

Originally Posted by spootnicks

This is Check Point VPN-1(TM) & FireWall-1(R) NG with Application Intelligence (R55) HFA_15, Hotfix 528 - Build 003
------------------------------------------------------

What is SMDF? and how do I updated it?

SMDF = SmartDefense. You need a SMDF subscriptiion.

There are a lot of P2P/IM blocking options in NGX (R60/R61)

If your SS is up to date you can upgrade to R60 (HFA3 BTW)

[stuartgreen]

best way would be to run a tcpdump / fwmonitor for the client you're connecting to msn with - watch all the ports it uses and make a note of them all and add to a service group. I think MSN can connect over http if its proprietary services are unavailable?