HowtoblockP2PApplications(eg.

BitTorrent,eMule)
usingApplicationControlPolicies(5.8.0.0andabove)
(SW8619)

Ttulo

UTM:HowtoblockP2PApplications(eg.BitTorrent,eMule)usingApplicationControlPolicies
(5.8.0.0andabove)

Resoluo

ArticleAppliesTo:

SonicWALLSecurityAppliancePlatforms:

Gen5:NSAE8500,NSAE7500,NSAE6500,NSAE5500,NSA5000,NSA4500,NSA3500,NSA2400,
NSA240,NSA220,NSA220W,NSA250M,NSA250MW
Gen5TZSeries:TZ210,TZ210W,TZ205,TZ205W,TZ105,TZ105W
Firmware/SoftwareVersion:SonicOSEnhanced5.8.0.0andabove

Services:AppControl,AppRules
Feature/Application:

The application signature databases that were previously included with SonicWALL Intrusion Prevention
Service(IPS)arenowpartoftheApplicationControlfeature.Thesesignaturedatabasesareusedtoprotect
users from application vulnerabilities as well as worms, Trojans, peertopeer transfers, spyware and
backdoorexploits.TheextensiblesignaturelanguageusedinSonicWALLsDeepPacketInspectionengine
alsoprovidesproactivedefenseagainstnewlydiscoveredapplicationandprotocolvulnerabilities.

WhenconfiguredwithintheApplicationFirewallenvironment,theadministratorisallowedfarmoregranular
control over the configuration and actions than could previously be applied to IPS signatures. This article
describesthemethodtoblocktheP2PapplicationBitTorrentusingApplicationControl.

Procedure:

TocreateanApplicationControlpolicy,firstcreateamatchobjectoftypeApplicationCategoryList,
ApplicationList,ApplicationSignatureList.Thesethreetypesallowforselectionofeithergeneral
applicationcategories,applicationsorindividualapplicationsignatures.Asweareblockingindividual
applicationsinthisarticle,wewillbecreatingamatchobjectoftypeApplicationList.

CreatingMatchObject
 LogintotheSonicWALLManagementGUI.
NavigatetoFirewall>MatchObjects
ClickonAddNewMatchObject
IntheAdd/EditMatchObjectwindowenterthefollowing:
Name:Enteranameforthismatchobject
MatchObjectType:SelectApplicationListfromthedropdown.
ApplicationCategory:SelectP2P(22)fromthedropdown.
Application:SelectP2PBitTorrent(7)&P2PeMule(5)andclickonAddaftereachselection.
ClickontheOKbuttontosavethechanges.

ClickToSeeFullImage.

CreatingAppRulespolicy

Nowthatwehavecreatedamatchobjectofwhatweneedtoblock,let'screateaAppRulespolicyto
definewhowillbeblocked.

NavigatetoFirewall>AppRules
ChecktheboxunderEnableAppRules,ifnotdonealready.
ClickonAddNewPolicytocreatethefollowingpolicy:
 ClickToSeeFullImage.

AppControlpoliciescanbemademorespecificby:

ApplyingpoliciestospecificinternalIPaddressesundertheAddressesfield
ExcludinginternalIPadddressesfromaparticularpolicybyaddingthemundertheExclusion
Addressesfield.
Excludingorincludingusersfromaparticularpolicybyaddingusersorusergroupsobjectunder
Included/ExcludedUsers/Groups.Forthistoworkuserauthenticationneedstobeenabled.
ApplyingschedulestoapolicybyaddingscheduleobjectsundertheSchedulefield.
SelectingazoneundertheZonefield.

LogMessages

WhenhostsbehindtheSonicWALLgetblockedorwhentheiractiontriggersapolicybasedontheApp
Controlpolicies,SonicWALLwilllogthemineitherofthefollowingformats,dependingonwhetherLog
usingAppControlmessageformatischeckedornot:
ClickToSeeFullImage.