-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to Block BitTorrent Traffic using App Control Advanced
09/30/2022 
110 People found this article helpful
484,150 Views
Description
This article covers how to block BitTorrent traffic using App Control Advanced.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Login to the SonicWall Management GUI.
- Click on POLICY ,Navigate to the Security Services | App Control.
- Check the box under Enable App Control and click on the Accept button at the battom of the page to enable App Control.
- On the top of the page click on Signature and select P2P under Category and Application under Viewed by.
- Select BitTorrent Protocol under Application.
- Click on the configure icon under Application with BitTorrent Protocol selected.
- In the Edit App Control App window, select Enable under Block and Log.
- Click on OK to save.
Enabling Signature ID 5
- Select Proxy-Access under Application and Signature under Viewed by.
- Select Encrypted Key Exchange under Application.
- Click on the configure icon under Application with Encrypted Key Exchange with the Signature id 5 selected.
- In the Edit App Control Signature window, set Block and Log to Enable.
- Click on OK to save the settings.
NOTE: Enabling the above signature has the unintended consequence of blocking outbound encrypted TCP packets which includes Ultrasurf, Ammy Admin, Skype, Psiphon, eMule, and other traffic. These applications use encrpyted tcp sessions. For this reason, all encrypted sessions look alike at the firewall, and there is no way to identify from which application the encrypted TCP session is coming. Therefore, enabling prevention for this signature--SID 5 for TCP, will necessarily block all and any encrypted sessions emanating from these evasive applications. There is no way to distinguish between them.
Enabling Application Control on zones
- Navigate to OBJECT | Zones.
- Click on the configure button under the zone where you want enable App Control.
- Check Enable App Control Service.
- Click on OK to save.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Login to the SonicWall Management GUI.
- Click on MANAGE ,Navigate to the RULES | Advanced Application Control page.
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced > View Style select P2P under Category.
- Select BitTorrent Protocol under Application
- Click on the configure icon under Application with BitTorrent Protocol selected.
- In the Edit App Control App window, select Enable under Block and Log.
- Click on OK to save and Click Accept at the bottom.
Enabling Signature ID 5
- Under Lookup Signature ID, enter 5 and click on the configure button.
- In the Edit App Control Signature window, set Block and Log to Enable.
- Click on OK to save the settings.
NOTE: Enabling the above signature has the unintended consequence of blocking outbound encrypted TCP packets which includes Ultrasurf, Ammy Admin, Skype, Psiphon, eMule, and other traffic. These applications use encrpyted tcp sessions. For this reason, all encrypted sessions look alike at the firewall, and there is no way to identify from which application the encrypted TCP session is coming. Therefore, enabling prevention for this signature--SID 5 for TCP, will necessarily block all and any encrypted sessions emanating from these evasive applications. There is no way to distinguish between them.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want enable App Control.
- Check Enable App Control Service.
- Click on OK to save.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
- Login to the SonicWall Management GUI.
- Navigate to the Firewall | App Control Advanced page. In Gen5 TZ devices this page is under Security Services | App Control.
- Check the box under Enable App Control and click on the Accept button at the top to enable App Control.
- Under App Control Advanced | View Style select P2P under Category.
- Select BitTorrent Protocol under Application
- Click on the configure icon under Application with BitTorrent Protocol selected.
- In the Edit App Control App window, select Enable under Block and Log.
- Click on OK to save.
Enabling Signature ID 5
- Under Lookup Signature ID, enter 5 and click on the configure button.
- In the Edit App Control Signature window, set Block and Log to Enable.
- Click on OK to save the settings.
NOTE: Enabling the above signature has the unintended consequence of blocking outbound encrypted TCP packets which includes Ultrasurf, Ammy Admin, Skype, Psiphon, eMule, and other traffic. These applications use encrpyted tcp sessions. For this reason, all encrypted sessions look alike at the firewall, and there is no way to identify from which application the encrypted TCP session is coming. Therefore, enabling prevention for this signature--SID 5 for TCP, will necessarily block all and any encrypted sessions emanating from these evasive applications. There is no way to distinguish between them.
Enabling Application Control on zones
- Navigate to Network | Zones
- Click on the configure button under the zone where you want enable App Control.
- Check Enable App Control Service.
- Click on OK to save.
Related Articles
- How to access a more specific network over VPN tunnel while having another Route All VPN policy
- How to limit bandwidth usage when playing YouTube videos using App Rules
- SonicWall TZ80 In-Product settings migration
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall NSA Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
YES
NO