tomdlgns
Premium Member
join:2003-03-21

block torrents, usenet, etc...

i purchased a usg50 to set up in a bar/grill business and i don't want users taking advantage of my IP/bandwidth.

i don't want them using their laptops to download music/movies/tv shows, etc... off of my connection (using my IP).

how do i block usenet/p2p?

i am using OpenDNS, which does a good job of filtering by domain name, but it stops there.

thanks.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

AppPatrol is designed for this. Get a free trial 2 month subscription and give it a test run.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

to tomdlgns
Download the Application Notes for the v3 firmware and under section Scenario 5 - Deploying Content Filtering to Manage Employee Browsing Behavior found under Page 27 .... the section deals with how to block torrents etc ..... The Content Filtering subscription makes it very easy ....

be aware that once you add more subscription services [more than one], the USG 50, if under heavy load, does not have the horsepower to be effective IMO. under light loads it's not an issue.
tomdlgns
Premium Member
join:2003-03-21

is there a way to do this w/o subscribing to a service?

for my setup/amount of guests, i don't expect to have any issues. on a larger network, do you guys recommend the USG 100?

however, a friend of mine (larger business) is looking to mirror my setup. i will make sure to let him know the USG 50 won't be enough power for his setup.

mozerd
Light Will Pierce The Darkness
MVM
join:2004-04-23
Nepean, ON

It's much easier with subscription services .... I have not tried to do the same thing manually .... so I cannot give you any more tips -- some others may have done it manually.

The USG 300, USG1000 etc. have the horsepower .... it all depends on the loads expected and that requires a proper analysis.
tomdlgns
Premium Member
join:2003-03-21

i understand. thanks for your input.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

You can enable the trial service and then run without it after it expires.
The trial service will download all current signatures for all protocols. Those are not deleted after the trial expires and AppPatrol will continue to work with the signatures that you have.
Most protocols are not updated that frequently and you'll be fine without updates for some reasonable period of time (until there's a major update to a certain protocol or a new service that you wish to block emerges) ... then you'll need to subscribe to be able to re-download the latest signatures.

You'll always have issues blocking encrypted services. As such, to conserve bandwidth, AppPatrol is best combined with BWM.
tomdlgns
Premium Member
join:2003-03-21

well, i guess i need to check out the services and see what they cost.

does the software know the difference between usenet SSL and gmail/facebook SSL?

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

I have not tested AppPatrol in any extensive way, but I'd guess, since the USG device does not have SSL proxy, that any encrypted services will just fly by it (I may be wrong).
tomdlgns
Premium Member
join:2003-03-21

that isn't good, many of these services can be configured to use SSL.

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

to tomdlgns
Okay people use your noggins. What is the best way to discourage p2p etc.
What do most hotspot wifi type units do (specific functionality).

And yes by the way I always recommend something like the N4100 in front of a USG for a setup. Makes it a plugNplay for the staff (they can hand out premade tickets for wifi etc etc......... - another thread perhaps LOL).

In any case the answer is BWM your wifi guests. The wifi hotspots allow one to rate limit per user as well as apply BWM. That is a p2p killer. Not sure what can be done similarly on the USG....... Perhaps assign the lowest QOS to p2p type traffic and use BWM in a creative way.

Note how the guard LLama is faster and more intelligent than the guard mutt.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

to tomdlgns
Yeah, encryption is a nightmare for a sysadmin without a Cisco-like budget.

That's why I'm saying BWM might be an alternative.
1) Limit your guest LAN to a few standard outbound ports i.e. HTTP, HTTPS, POP3, IMAP, ...
2) Limit all guest LAN connections to limited bandwidth and low priority.
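
An added example, not part of the original posts and not ZyXEL USG configuration: the two steps in the list above written as an nftables ruleset for a Linux-based gateway. The interface name `guest0`, the exact port list (DNS and the TLS variants of POP3/IMAP are included), the per-client rates and an IPv4-only guest LAN are assumptions; traffic priority is not covered.

```nft
#!/usr/sbin/nft -f
# Guest-LAN egress policy: port allowlist plus a per-client rate cap.
# Assumed names/values (not from the thread): interface "guest0",
# 128 kbytes/s up and 512 kbytes/s down per guest IPv4 address.

table inet guest_policy {
    # Step 1: the only TCP services guests may reach.
    set guest_tcp_ports {
        type inet_service
        elements = { 80, 443, 110, 995, 143, 993 }
    }

    # Per-client rate state, keyed by the guest's IPv4 address.
    set guest_up {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1m
    }
    set guest_down {
        type ipv4_addr
        flags dynamic,timeout
        timeout 1m
    }

    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "guest0" jump guest_out
        oifname "guest0" jump guest_in
    }

    chain guest_out {
        # Step 2: the cap applies to every packet from a guest, so it
        # holds whether the payload is encrypted or not.
        update @guest_up { ip saddr limit rate over 128 kbytes/second } drop
        ct state established,related accept
        udp dport 53 accept
        tcp dport 53 accept
        tcp dport @guest_tcp_ports accept
        # Everything else from the guest LAN is counted and dropped.
        counter drop
    }

    chain guest_in {
        update @guest_down { ip daddr limit rate over 512 kbytes/second } drop
        ct state established,related accept
        # No unsolicited connections towards guests.
        counter drop
    }
}
```

A service moved onto an allowed port such as 443 still passes the allowlist, which is why the per-client cap sits in front of it.
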
Brano

to Anav
How does N4100 deal with encrypted traffic? Does it have SSL proxy or what method is used?

Anav
Sarcastic Llama? Naw, Just Acerbic
Premium Member
join:2001-07-16
Dartmouth, NS

Good question.
The rate limiting is applied to an account, why would it matter what type of traffic it is??

Furthermore, the op could use a managed switch after the USG and use port rate limiting as well.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON

You can do BWM/Rate limiting with USG too. USG has captive portal as well. The only thing that's questionable is inspection of encrypted traffic.