KB Article | Forcepoint Support

Problem Description

To block BitTorrent traffic with NGFW, create an access rule and enable HTTP and HTTPS inspection.

Note: Forcepoint recommends that you use the latest version of NGFW and apply the latest update package for best results.

Resolution

Create an access rule to block the BitTorrent application on all ports:

Important: Update package 1017 modified the BitTorrent application element so that it inspects all ports by default. If you have update package 1017 or higher activated, then steps 3-6 below are not required. Instead, only the BitTorrent application element needs to be put into the Service cell.
  1. Set the Source and Destination as required.
    1. For example, Source is Internal and Destination is External.
  2. Set the Action to Discard.
  3. Right-click the Service cell and click Edit Service.
  4. Add two rows.
  5. Configure the first row.
    1. Drag the Any TCP Service into the Service cell and BitTorrent application into the Application cell.
  6. Configure the second row.
    1. Drag the Any UDP Service into the Service cell and the BitTorrent application into the Application cell.
  7. Place this rule above all rules that allow outbound HTTP and HTTPS traffic. Many torrent clients prefer to use those ports, so HTTP or HTTPS connections must not be allowed before the application rule can check them.

This access rule will block torrent downloads and uploads and .torrent file downloads over HTTP.

To block .torrent file downloads over HTTPS and other BitTorrent client related HTTP traffic, you must also inspect HTTP and HTTPS connections.

The application rule alone (without HTTP/HTTPS inspection) may be enough to block all BitTorrent download and upload traffic. However, for best coverage, configure NGFW to inspect the traffic.

To enable HTTP inspection:
  1. Locate the rule that allows the HTTP connections.
  2. Right-click the Action cell and click Edit Options.
  3. Under Deep Inspection, click On.

For further information on editing access rules, review the Next Generation Firewall Product Guide for your release.

To enable HTTPS inspection, configure TLS Client Protection:
  1. For configuration steps, review the Next Generation Firewall Product Guide for your release.
  2. Inspect HTTP or HTTPS connections.
  3. Edit the Inspection Policy.
  4. Under Traffic Identification, click the Inspection tab.
  5. Under the Peer to Peer category, set the action to Terminate.
    1. This will block torrent client connections, some other BitTorrent related protocols like Peer Discovery, and .torrent file type downloads.

Note: Users can still use magnet links to start a torrent, but the application rule will block the actual data transfer.
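
The rule placement, TCP/UDP rows, and Deep Inspection settings described in this article can be checked mechanically against a rule list. The following Python check is an added example, not Forcepoint code: the `Rule` model, its field names, and the sample policy are constructed for illustration and do not reflect any SMC export format.

```python
from dataclasses import dataclass

@dataclass
class Rule:                      # hypothetical model, not an SMC data structure
    name: str
    action: str                  # "allow" or "discard"
    rows: list                   # (service, application) pairs from the Service cell
    deep_inspection: bool = False

def audit(rules, update_package):
    """Return findings for a rule list ordered top to bottom."""
    findings = []
    block_idx = None
    for i, r in enumerate(rules):
        services = {svc for svc, app in r.rows if app == "BitTorrent"}
        if r.action == "discard" and services:
            block_idx = i
            # Before update package 1017 the element needs explicit TCP and UDP rows.
            missing = {"Any TCP", "Any UDP"} - services
            if update_package < 1017 and missing:
                findings.append(f"{r.name}: missing rows {sorted(missing)}")
            break
    if block_idx is None:
        findings.append("no Discard rule with the BitTorrent application")
    for i, r in enumerate(rules):
        web = {svc for svc, _ in r.rows} & {"HTTP", "HTTPS"}
        if r.action != "allow" or not web:
            continue
        # Step 7: the BitTorrent rule must sit above any rule allowing web traffic.
        if block_idx is not None and i < block_idx:
            findings.append(f"{r.name}: allows {sorted(web)} above the BitTorrent rule")
        if not r.deep_inspection:
            findings.append(f"{r.name}: Deep Inspection is off")
    return findings

# Constructed sample policy with three problems under update package 1016.
SAMPLE = [
    Rule("Allow web", "allow", [("HTTP", None), ("HTTPS", None)]),
    Rule("Block torrents", "discard", [("Any TCP", "BitTorrent")]),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, update_package=1016):
        print(finding)
```

TLS Client Protection, which HTTPS inspection also requires, is not modelled here.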
