Monitoring and blocking P2P traffic

Diagram for blocking P2P with Application Control

In this recipe, you will use Application Control to monitor application traffic on your network and then selectively block unwanted traffic. Peer-to-peer (P2P) traffic is blocked in this example.

1. Enabling Application Control and Multiple Security Profiles

Go to System > Feature Select and ensure that Application Control and Multiple Security Profiles are enabled.

Enable Application Control and Multiple Security Profiles

2. Using the default Application Control profile to monitor network traffic

The default Application Control profile is set to monitor all applications except for Unknown Applications. You will use this profile to monitor traffic and identify any applications that should be blocked.

Go to Security Profiles > Application Control and view the default profile.

Confirm that all Categories are set to Monitor with the exception of Unknown Applications.

Set application control to monitor all apps except "unknown"

3. Editing the security policy for outgoing traffic

Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet.

Under Security Profiles, turn on Application Control and use the default profile.

To inspect all traffic, SSL/SSH inspection must be set to the deep-inspection profile.

Edit outgoing traffic IPv4 policy

4. Reviewing the FortiView dashboards

Go to FortiView > Applications and select the now view to display network traffic flowing through your FortiGate listed by application.

You can see P2P traffic occurring in your network.

FortiView Now Dashboard

Double-click any application to view drilldown information, including traffic sources, traffic destinations, and information about individual sessions.

FortiView application drilldown

5. Creating an application profile to block P2P applications

In step 4, Application Control detected traffic from BitTorrent, a P2P downloading application. In this step, you create an Application Control profile to block all P2P applications.

Go to Security Profiles > Application Control and create a new profile.

Set the P2P category to Block.

Create new application control security profile

6. Adding the blocking profile to a security policy

Go to Policy & Objects > IPv4 Policy and edit the policy that allows connections from the internal network to the Internet.

Set Application Control to use the new profile.

Set Application Control to new profile

7. Results

Attempt to visit the BitTorrent site. A FortiGuard warning message will appear, stating that the application was blocked.

Results BitTorrent Blocked

Test the P2P blocking by attempting to use the BitTorrent application. The traffic is blocked.

To view information about the blocked traffic, go to FortiView > Applications, select the 5 minutes view, and filter the traffic by Security Action: Blocked.

Fortiview page displaying blocked traffic
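
To repeat the check from step 7 outside the GUI, the following added example (not part of the original recipe and not Fortinet code) parses exported Application Control log lines, counts blocked P2P sessions per source, and lists any P2P session that passed under the blocking profile. The log lines are constructed, the field names (subtype, appcat, app, applist, action, srcip) assume FortiOS key=value log output, and the profile name block-p2p is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS-style key=value syntax (not real logs).
SAMPLE_LOG = '''\
date=2016-06-01 time=10:15:02 type="utm" subtype="app-ctrl" srcip=192.168.1.110 dstip=203.0.113.20 policyid=1 applist="default" appcat="P2P" app="BitTorrent" action="pass"
date=2016-06-01 time=10:42:17 type="utm" subtype="app-ctrl" srcip=192.168.1.110 dstip=203.0.113.20 policyid=1 applist="block-p2p" appcat="P2P" app="BitTorrent" action="block"
date=2016-06-01 time=10:42:30 type="utm" subtype="app-ctrl" srcip=192.168.1.115 dstip=198.51.100.7 policyid=1 applist="block-p2p" appcat="P2P" app="BitTorrent" action="pass"
date=2016-06-01 time=10:43:05 type="utm" subtype="app-ctrl" srcip=192.168.1.120 dstip=198.51.100.9 policyid=1 applist="block-p2p" appcat="Video/Audio" app="YouTube" action="pass"
date=2016-06-01 time=10:43:09 type="traffic" subtype="forward" srcip=192.168.1.120 dstip=198.51.100.9 policyid=1 action="close"
'''

# key=value where the value is either a double-quoted string or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict of field name to value."""
    return {key: (bare if bare else quoted) for key, quoted, bare in FIELD_RE.findall(line)}

def audit_p2p(log_text, blocking_profile, category="P2P"):
    """Return (blocked counts per (srcip, app), records passed under blocking_profile)."""
    blocked, leaks = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Only Application Control events in the category of interest matter here.
        if rec.get("subtype") != "app-ctrl" or rec.get("appcat") != category:
            continue
        if rec.get("action") == "block":
            blocked[(rec.get("srcip"), rec.get("app"))] += 1
        elif rec.get("applist") == blocking_profile:
            # P2P seen under the blocking profile but not blocked: needs follow-up.
            leaks.append(rec)
    return blocked, leaks

if __name__ == "__main__":
    blocked, leaks = audit_p2p(SAMPLE_LOG, "block-p2p")
    for (src, app), count in blocked.most_common():
        print(f"blocked      {src:15} {app:12} {count}")
    for rec in leaks:
        print(f"NOT BLOCKED  {rec['date']} {rec['time']} {rec['srcip']} -> {rec['dstip']} {rec['app']}")
```

Sessions logged under the default monitoring profile are ignored by the second list, so only traffic that should have been blocked is flagged.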

For further reading, check out Application control in the FortiOS 5.4 Handbook.

Judith Haney


Technical Writer at Fortinet
Judith Haney is a Technical Writer on the FortiOS technical documentation team. She graduated with honours from Algonquin College's Technical Writer program in September 2014. In a previous lifetime, Judith earned degrees in Mathematics (B.S.) and French literature (M.A.).
Using the deep-inspection profile may cause certificate errors. See Preventing certificate warnings for more information.
Application Control uses flow-based inspection; if you apply an additional security profile to your traffic that is proxy-based, the connection will simply time out rather than display the warning message. However, Application Control will still function.
  • Abdulaziz Alatar

    Hello Judith,
    thank you for this recipe.
    I think there is a bug in FortiOS 5.4.1.
    I have an FGT 90D, IPS Definitions 10.00104 and IPS Engine Version 3.00299. Blocking the P2P category in Application Control does not work, but blocking with Application Overrides works.
    All tests were with SSL/SSH deep inspection.