Hai i want to restrict torrent download. in this case here we have around 50 system all under static ip. then some of them using DHCP. so i want to block torrent download for 45 users and allow for 5 users. is it possible, then suggest the steps.
i am using fortigate 60d
If they have static IPs it's no problem at all
Navigate to Policy&Objects > Objects > Addresses and select Create New
Name: Allow_Torrent
Type: IP Range
and enter the IP Range of the allowed users (or create an object per IP Adress with the netmask /32 and group them)
Do the same for Block_Torrent
if you need to use different objects not IP ranges I recommend you also select the little Arrow next to Create New and create a group containing the Allow_Torrent and another containing the Block_Torrent address objects
Now go to Security Profiles > Application Control
Create a new Application Sensor named BlockTorrent (If you do not have the option you can enable Multiple Profiles at System > Config > Features)
In this profile below Application Override select Add Signatures
Search for "Torrent" in the top right search field
Select all Torrent Signatures and click Use Selected Signatures
Make sure the Action is set to blocked
Now go to Policy&Objects > IPv4 > Policies and Create New
Source Interface: internal (or where your clients are)
Source address Allow_Torrent
Destination Interface: wan1 (your Internet connection)
Destination address: all
Configure the rest as needed
Create a New policy same as above but select:
Source Address: Block_torrent
Enable the Application Control Profile BlockTorrent
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
