Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Unable to block torrent
  •  
f.maianti is currently offline f.maianti

Messages: 26
Karma: 0
Send a private message to this user
Hi all,
we have just installed and cofigured a Kerio Control NG500 in our company network.
We set up some content filter rule to block dangerous/porno/scam sites and all is working well.
We are trying to block p2p torrent traffic but even if we have created a rule to drop peer-to-peer content our test pc is still downloading from bittorrent.
In the filter log i found a lot of entry like these:

1/May/2016 15:49:26] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.127:56196 -> edge-star-shv-01-cdg2.facebook.com (179.60.192.3):443, HTTPS [Content] Social Networking edge-star-shv-01-cdg2.facebook.com/
[31/May/2016 15:49:26] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.127:35111 -> edge-star-shv-01-cdg2.facebook.com (179.60.192.3):443, HTTPS [Content] Social Networking graph.facebook.com/
[31/May/2016 15:49:35] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.124:3758 -> xx-fbcdn-shv-01-cdg2.fbcdn.net (179.60.192.7):443, HTTPS [Content] Social Networking connect.facebook.net/
[31/May/2016 15:49:38] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.45:49593 -> edge-mqtt-mini-shv-01-cdg2.facebook.com (179.60.192.34):443, HTTPS [Content] Social Networking mqtt-mini.facebook.com/
[31/May/2016 15:49:52] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.45:39784 -> instagram-p3-shv-01-cdg2.fbcdn.net (179.60.192.52):443, HTTPS [Content] Social Networking graph.instagram.com/
[31/May/2016 15:49:53] DENY [Rule] 'Kerio Control Web Filter categories' [Connection] 192.168.30.9:54791 -> edge-star-shv-01-cdg2.facebook.com (179.60.192.3):443, HTTPS [Content] Social Networking graph.facebook.com/


so the rule is actually finding and blocking some traffic, but the torrent client is still downloading.

Anyone can help me? What am i doing wrong?
Thanks
  •  
Petr Dobry (Kerio) is currently offline Petr Dobry (Kerio)

Messages: 776
Karma: 61
Send a private message to this user
Did you enable P2P detection in Advanced settings http://kb.kerio.com/1526 ?

Petr Dobry
Product Development Manager | Kerio
  •  
f.maianti is currently offline f.maianti

Messages: 26
Karma: 0
Send a private message to this user

Yes, i followed the page you linked.
There is no "enable p2p detection", just list of port that kerio will monitor

  • Attachment: kerio.png
    (Size: 140.79KB, Downloaded 262 times)
  •  
Petr Dobry (Kerio) is currently offline Petr Dobry (Kerio)

Messages: 776
Karma: 61
Send a private message to this user
That's correct. Torrent traffic is detected automatically by using traffic on those ports.
You can check Active Hosts tab to see if the traffic for specified host is detected a P2P.

Petr Dobry
Product Development Manager | Kerio
  •  
f.maianti is currently offline f.maianti

Messages: 26
Karma: 0
Send a private message to this user
Now it's working, torrent is blocked by kerio.
Seems like the kerio takes some time to analyze and discover the p2p traffic.

Thanks
  •  
ipsys is currently offline ipsys

Messages: 20
Karma: 2
Send a private message to this user
im not sure i completely understand, and please excuse me for my ignorance. i have followed the kb, but kerio still reports a lot of P2P traffic?

with regards to the KB, do we only need 'content filtering' enabled? or must 'application awareness' also be enabled for the torrentz to be blocked? currently both are enabled, and we see very high cpu (+50%) and memory consumption (75%). with application awareness disabled, cpu use falls by 50% (to roughly 20%) and memory falls by 25% (to 50%).

https://preview.ibb.co/eFzvmc/Screen_Shot_2018_04_09_at_11_36_02_am.png

does this mean that the user is actually downloading the P2P (470mb is not small compared to the rest of the traffic)? its as if the traffic is detected, however not blocked, yet some P2P is detected and blocked?
Previous Topic: 9.2.5 patch2 released
Next Topic: Intrusion Prevention down again?
Goto Forum:
  

 ] [ PDF ]

Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue May 22 08:25:18 CEST 2018

Total time taken to generate the page: 1.03502 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.