How do I block Emule traffic?

To block emule P2P, first ensure that the FortiGate unit has the latest Antivirus and NIDS definition updates. The installed version appears on the System > Status menu. The currently distributed version is listed on the FortiGuard Center web site:

http://www.fortinet.com/FortiGuardCenter/av.html

FortiOS 3.0

For FortiOS 3.0, the protection profile has a blocking feature for the eDonkey network that enables you to block or limit the file transfer size.

To configure the eDonkey network

1. Go to Firewall> Protection Profile.
2. Select a default profile or select Create New.
3. Select the IP/P2P arrow to expand the options.
4. Select an option for eDonkey.
5. Select OK .

Note there are additional IPS signatures which you can block or enable for eMule. To view, go to Intrusion Protection> Signature> Predefined. Select the Misc arrow to expand the list.

FortiOS 2.8

To block emule file sharing

1. Go to IPS> Signature> p2p> edonkey
2. Select Enable and select Edit.
3. Set the action to Drop and select OK.
4. Go to Firewall > Protection Profile and configure a Protection Profile so that IPS Signature is Enabled.
5. Apply this Protection Profile to the Firewall> Policy that will be used to block this traffic.

If Logging on the signature is also enabled, the following message will be logged when an Emule/Edonkey client attempts to connect to a server.

2006-02-17 15:42:01 Local7.Alert 72.31.225.206 date=2006-02-17 time=06:41:03 device_id=FG200A210xxxxxxx log_id=0420070000 type=ips subtype=signature pri=alert vd=root attack_id=109051907 src=193.138.221.214 dst=10.105.1.15 src_port=4242 dst_port=3691 src_int=wan1 dst_int=internal status=drop_session proto=6 service=3691/tcp msg="p2p: edonkey [Reference: http://www.fortinet.com/ids/ID109051907]"