We seem to have a problem where our [version 9.208] UTM is only detecting/blocking a small
fraction of Bittorrent traffic with Application Control... On our main
internal network, we have very few ports allowed through the
packetfilter, and this seems to really hinder Bittorrent traffic from our internal clients.
On our guest network however, we leave it pretty much wide open for
outbound ports on the packetfilter. The issue is that Bittorrent traffic
has no problem getting through, even though it's configured to be
dropped in App Control.
I fired up a Linux ISO torrent, and I do see a number of entries in
/var/log/afc.log that show SOME traffic being dropped. But, like I said,
it's just a fraction and the rest goes through fine without getting
logged/dropped by afc:
2014:10:21-15:30:03 utm ulogd[10955]: id="2019" severity="info"
sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop"
fwrule="3" outitf="eth1" mark="0x303c" app="60"
srcmac="0:1b:21:25:44:a3" srcip="10.1.1.7" dstip="194.183.19.26"
proto="17" length="131" tos="0x00" prec="0x00" ttl="126" srcport="32479"
dstport="58119"
(The "app="60"" is Bittorrent.)
According to the flow monitor, the rest of the Bittorrent traffic is "unclassified". I'm using uTorrent, and not actively using encryption.
Also, is UTM still using Procera as the App Control engine?
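
To put a number on how much App Control is actually dropping per client, the afc.log entries can be tallied and compared against what the flow monitor reports. The following is an added example, not part of the original post or any Sophos tooling; the function names are hypothetical, and the sample holds the post's log line plus three constructed entries.

```python
import re
from collections import defaultdict

# Constructed sample. The first entry is the line from the post, wrapped as it
# appears there; the other three are made up (RFC 5737 destination addresses).
SAMPLE = '''\
2014:10:21-15:30:03 utm ulogd[10955]: id="2019" severity="info"
sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop"
fwrule="3" outitf="eth1" mark="0x303c" app="60"
srcmac="0:1b:21:25:44:a3" srcip="10.1.1.7" dstip="194.183.19.26"
proto="17" length="131" tos="0x00" prec="0x00" ttl="126" srcport="32479"
dstport="58119"
2014:10:21-15:30:04 utm ulogd[10955]: id="2019" name="AFC Block" action="drop" app="60" srcip="10.1.1.7" dstip="198.51.100.20" proto="17" length="68"
2014:10:21-15:30:05 utm ulogd[10955]: id="0000" name="constructed non-AFC entry" action="accept" srcip="10.1.1.7" dstip="198.51.100.21" proto="6" length="1500"
2014:10:21-15:30:06 utm ulogd[10955]: id="2019" name="AFC Block" action="drop" app="60" srcip="10.1.1.9" dstip="203.0.113.5" proto="17" length="100"
'''

HEADER = re.compile(r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ \w+\[\d+\]: ")
FIELD = re.compile(r'(\w+)="([^"]*)"')

def records(text):
    """Yield one string per log entry, re-joining entries wrapped over several lines."""
    buf = None
    for line in text.splitlines():
        if HEADER.match(line):
            if buf is not None:
                yield buf
            buf = line
        elif buf is not None and line.strip():
            buf += " " + line.strip()
    if buf is not None:
        yield buf

def parse(record):
    """Return the key="value" fields of one entry as a dict, plus its timestamp."""
    header = HEADER.match(record)
    fields = dict(FIELD.findall(record[header.end():]))
    fields["time"] = header.group(1)
    return fields

def afc_drops(text):
    """Map (srcip, app) -> (packets, bytes, distinct peers) for AFC Block drops."""
    acc = defaultdict(lambda: [0, 0, set()])
    for fields in map(parse, records(text)):
        if fields.get("name") == "AFC Block" and fields.get("action") == "drop":
            entry = acc[(fields["srcip"], fields["app"])]
            entry[0] += 1
            entry[1] += int(fields["length"])
            entry[2].add(fields["dstip"])
    return {key: (p, b, len(peers)) for key, (p, b, peers) in acc.items()}

if __name__ == "__main__":
    for (src, app), (pkts, size, peers) in sorted(afc_drops(SAMPLE).items()):
        print(f"{src} app={app}: {pkts} packets, {size} bytes, {peers} peers")
```

A dropped-byte total that is tiny next to the same client's volume in the flow monitor confirms that most of the traffic is passing as "unclassified" rather than being matched to app 60.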