Hai i want to restrict torrent download. in this case here we have around 50 system all under static ip. then some of them using DHCP. so i want to block torrent download for 45 users and allow for 5 users. is it possible, then suggest the steps.
i am using fortigate 60d
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If they have static IPs it's no problem at all
Navigate to Policy&Objects > Objects > Addresses and select Create New
Name: Allow_Torrent
Type: IP Range
and enter the IP Range of the allowed users (or create an object per IP Adress with the netmask /32 and group them)
Do the same for Block_Torrent
if you need to use different objects not IP ranges I recommend you also select the little Arrow next to Create New and create a group containing the Allow_Torrent and another containing the Block_Torrent address objects
Now go to Security Profiles > Application Control
Create a new Application Sensor named BlockTorrent (If you do not have the option you can enable Multiple Profiles at System > Config > Features)
In this profile below Application Override select Add Signatures
Search for "Torrent" in the top right search field
Select all Torrent Signatures and click Use Selected Signatures
Make sure the Action is set to blocked
Now go to Policy&Objects > IPv4 > Policies and Create New
Source Interface: internal (or where your clients are)
Source address Allow_Torrent
Destination Interface: wan1 (your Internet connection)
Destination address: all
Configure the rest as needed
Create a New policy same as above but select:
Source Address: Block_torrent
Enable the Application Control Profile BlockTorrent
If they have static IPs it's no problem at all
Navigate to Policy&Objects > Objects > Addresses and select Create New
Name: Allow_Torrent
Type: IP Range
and enter the IP Range of the allowed users (or create an object per IP Adress with the netmask /32 and group them)
Do the same for Block_Torrent
if you need to use different objects not IP ranges I recommend you also select the little Arrow next to Create New and create a group containing the Allow_Torrent and another containing the Block_Torrent address objects
Now go to Security Profiles > Application Control
Create a new Application Sensor named BlockTorrent (If you do not have the option you can enable Multiple Profiles at System > Config > Features)
In this profile below Application Override select Add Signatures
Search for "Torrent" in the top right search field
Select all Torrent Signatures and click Use Selected Signatures
Make sure the Action is set to blocked
Now go to Policy&Objects > IPv4 > Policies and Create New
Source Interface: internal (or where your clients are)
Source address Allow_Torrent
Destination Interface: wan1 (your Internet connection)
Destination address: all
Configure the rest as needed
Create a New policy same as above but select:
Source Address: Block_torrent
Enable the Application Control Profile BlockTorrent
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.