sarathd24
New Contributor

Torrent working even when P2P (BitTorrent) is blocked.

Hi all ,

 

Just received a mail from the ISP for copyright infringement due to a torrent download. I have blocked P2P and BitTorrent in application control, but the traffic still passes through the firewall. I checked by changing the port number randomly in Transmission (torrent client on Ubuntu systems) and it started working. It would be great if someone could give me a solution.

 

Regards,

Sarath

 

11 REPLIES
Fullmoon
Contributor III

Instead of using certificate inspection in your SSL inspection, use deep inspection.

Fortigate Newbie

sarathd24

I tried; it is still passing through. I am checking the logs. It is detecting the traffic as P2P and the application as BitTorrent, but the traffic is still passing through. Any clue how this is happening?

sarathd24

OK! This has been resolved now. The deep inspection didn't save, but adding the signatures manually did. I don't know if this is a bug, because when we block P2P on the whole it shouldn't have allowed the traffic, but when I added the signatures manually it did block them. HTH

tanr
Valued Contributor II

Did you have your deep inspection set to inspect all ports?

tspark
New Contributor

I am running version 5.4.3 on a FortiGate 500D and I am experiencing the exact same issue with the exact same workaround. Blocking the P2P category is not blocking BitTorrent; you do have to manually add the BitTorrent signature to the Application Sensor that your firewall policy is using.

 

I actually find it quite disturbing that Fortinet has not yet resolved this issue, as I'm sure one of the first things many organizations do is block P2P traffic and assume that it will block BitTorrent. I too received an email from our ISP regarding copyright infringement, and that is the only reason why we discovered this bug. It worked just fine in version 5.2.x.

tanr
Valued Contributor II

@tspark and @sarathd24,

 

Have you opened a support ticket with Fortinet about this?  Active bug report tickets are good motivators to get things like this fixed.

 

This is assuming you are seeing the P2P category not blocking BitTorrent even when your deep inspection is set to inspect all ports?

 

Frank_Hou_FTNT

IPSE version 3.300 and later (for FOS 5.4) fixed this P2P category blocking issue.

The reason is that the pseudo IM/P2P rule attributes are loaded from the IPS/AppCtrl databases, but the IPS engine does not encode them correctly for FOS, so FOS gets empty attributes for those rules. The matching Mantis bug is #397707.

 

tanr
Valued Contributor II

Hi Frank Hou_FTNT,

 

I'm not sure of the acronyms being used.  Does IPSE stand for IPS Attack Engine, Internet-service Database Apps, or something else?  How do we check the version?

 

To help me (and others) please let us know:

  1. What IPSE is and how to check the version (diag autoupdate versions, perhaps?)

  2. What is the current released IPSE version for FOS 5.4.x?

  3. If our versions of IPSE are not at or past the 3.300 version how can we force an update?

 

Thanks.

Frank_Hou_FTNT

1.) Yes, "diagnose autoupdate versions"

=========================
IPS Attack Engine
---------
Version: 3.00303
Contract Expiry Date: Fri Jan 1 2021
Last Updated using manual update on Wed Feb 1 09:12:28 2017
Last Update Attempt: Wed Feb 1 09:12:35 2017
Result: No Updates
=========================

 

2.) The built-in version might be 3.299

3.) If your box has a valid IPS pkg upgrade contract in the FortiGuard/FortiCare service, running the command "exec update-ips" can update the IPSE version.
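
The version check discussed above, as an added example that is not part of the original thread or Fortinet's own tooling: it parses pasted "diagnose autoupdate versions" output and reports whether the IPS Attack Engine is at or past 3.300. The function names and sample outputs are constructed, and reading "3.00303" as engine 3.303 is an assumption.

```python
import re

# Engine release the thread names as carrying the fix ("IPSE version 3.300 and later").
FIXED_IPS_ENGINE = (3, 300)

# Component name, a dashed rule, then "Version: X.YYYYY". Whitespace between the
# parts is free-form, so both the multi-line CLI layout and a flattened paste match.
_BLOCK = re.compile(r"^[ \t]*([A-Za-z][^\n]*?)\s*-{3,}\s*Version:\s*(\d+)\.(\d+)", re.M)


def parse_versions(text):
    """Return {component name: (major, minor)} from 'diagnose autoupdate versions' output."""
    # Assumption: the digits after the dot are a zero-padded minor number,
    # so "3.00303" is engine 3.303.
    return {m.group(1): (int(m.group(2)), int(m.group(3))) for m in _BLOCK.finditer(text)}


def ips_engine_has_fix(text):
    """True/False once the IPS Attack Engine version is known, None if it is absent."""
    version = parse_versions(text).get("IPS Attack Engine")
    if version is None:
        return None
    return version >= FIXED_IPS_ENGINE


# Constructed sample outputs (not captured from a real device).
SAMPLE_UPDATED = """\
AV Engine
---------
Version: 5.00239
Contract Expiry Date: Fri Jan 1 2021

IPS Attack Engine
---------
Version: 3.00303
Contract Expiry Date: Fri Jan 1 2021
Last Update Attempt: Wed Feb 1 09:12:35 2017
Result: No Updates
"""
# Same output with the engine at the level the thread gives as the possible built-in one.
SAMPLE_BUILTIN = SAMPLE_UPDATED.replace("3.00303", "3.00299")

if __name__ == "__main__":
    for label, out in (("updated", SAMPLE_UPDATED), ("built-in", SAMPLE_BUILTIN)):
        print(label, parse_versions(out)["IPS Attack Engine"], ips_engine_has_fix(out))
```

A result of False means the P2P category block cannot be relied on for that device, so the BitTorrent signature should stay explicitly in the Application Sensor until the engine is updated.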
