We've been using the Palo Alto to successfully block bittorrent and all
other P2P at the edge - it appears extremely effective at it. We had used a
packeteer and a sonicwall firewall to do it in the past and there were
definitely students that worked thru those tools; so far the palo alto has been
solid as far as I'm aware - at least I've not gotten any copyright notices
addressed to the networks that have the blocking enabled; we got them
occasionally when we used the other two tools.
There may conceivably be some students working thru it with tor and
other open proxies I think, and the palo alto has a class to block that traffic
as well, however we don't currently block that traffic - the barrier to entry
on doing that, coupled with the slow speeds those services normally offer keeps
that from being a bandwidth drain.
It's on my to-do list to setup integration between the palo alto and
our highpath controller (which I think you can do to setup user/group based
polices on who can do what), and we don't have the NAC, so no integration
available to us there; but that would make it even more effective.
-----Original Message-----
From: Patrick Printz [mailto:[email protected]]
Sent: Thursday, September 13, 2012 9:26 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Blocking bittorrent and P2P
We are lacking the NAC currently. Every time we look into it, we decided
against it. We may have to consider getting one though. I appreciate all of
this info, it helps.
Patrick Printz
Network Infrastructure
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529
"If a man is called a street sweeper, he should sweep streets even as
Michelangelo painted, or Beethoven composed music, or Shakespeare wrote
poetry. He should sweep streets so well that all the hosts of heaven and Earth
will pause to say, Here lived a great street sweeper who did his job well."
~Martin Luther King, Jr.
-----Original Message-----
From: Summers, William [mailto:[email protected]]
Sent: Thursday, September 13, 2012 9:16 AM
To: Enterasys Customer Mailing List
Subject: RE: [enterasys] Blocking bittorrent and P2P
Many L7/deep inspection products claim they can block Bittorrent and P2P apps.
In my experience/testing most have weaknesses. Enterasys has a new formed
relationship with Palo Alto Networks. In my experience and testing the Palo
Alto products do the job and integrate with NAC. Where the budget is short,
consider inline snort with nfqueue.
http://www.enterasys.com/company/literature/palo-alto-networks-sab.pdf
http://media.paloaltonetworks.com/documents/enterasys.pdf
William Summers
Network Administrator
Deerfield Academy
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
---
To unsubscribe from enterasys, send email to [email protected] with the body:
unsubscribe enterasys [email protected]
