FortiGate
Article Id 194576
Description

This article describes the steps required to block Windows streaming media content. A system administrator may need this as a measure to control time wasting and bandwidth misuse in a corporate environment.


Scope

This article applies to a VDOM or FortiGate unit running in transparent and/or NAT mode.


Solution
To block Windows media data streaming:

1. Go to Intrusion Protection > Signature and select Create New.

2.  Enter a name for the signature and enter the following text for the signature:

F-SBID( --name "Block.WMP.Get"; --default_action drop_session; --protocol tcp; --service HTTP; --flow from_client; --pattern "Pragma: xPlayStrm=1"; )

3.  Select OK.
 
 

4.  Add the custom signature to an IPS Sensor. To do this, go to Intrusion Protection > IPS Sensor and select Edit.
 
 

5.  Select Add Custom Override. Select the name of the custom signature and set the action to Reset or Block.
 
 

6.  Select OK.

7.  In this example the Custom Signature is added to the All_Default IPS Sensor group.
 
 

8.  Go to Firewall > Protection Profile and edit the profile.  Select the expand arrow for IPS and view IPS Sensors in use.


9.  Make sure the sensor in use is the one to which the custom signature has been added.

10.  Ensure this Protection Profile is in use by the Firewall policy.
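
To check what the custom signature from step 2 will and will not match before relying on it, the following added example (not part of the original article and not Fortinet code) models its --flow and --pattern options in Python and runs them over constructed HTTP samples. It assumes --pattern is a literal, case-sensitive match and that --service HTTP has already selected the session; parse_fsbid, would_match and evaluate are hypothetical helper names.

```python
import re

# Signature text copied from step 2 of the article.
SIGNATURE = ('F-SBID( --name "Block.WMP.Get"; --default_action drop_session; '
             '--protocol tcp; --service HTTP; --flow from_client; '
             '--pattern "Pragma: xPlayStrm=1"; )')

# Constructed sample traffic (host names and paths are placeholders).
PLAY_REQUEST = (b"GET /stream.asf HTTP/1.0\r\n"
                b"User-Agent: NSPlayer/9.0\r\n"
                b"Host: media.example.com\r\n"
                b"Pragma: no-cache,rate=1.000000\r\n"
                b"Pragma: xPlayStrm=1\r\n\r\n")
PAGE_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                b"Host: www.example.com\r\nPragma: no-cache\r\n\r\n")
SERVER_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
                b"Pragma: xPlayStrm=1")

def parse_fsbid(sig):
    """Split an F-SBID( ... ) signature into an {option: value} dict."""
    body = re.fullmatch(r'\s*F-SBID\((.*)\)\s*', sig, re.S)
    if not body:
        raise ValueError("not an F-SBID signature")
    opts = {}
    # Each option is "--key value;" where value may be a quoted string.
    for m in re.finditer(r'--(\w+)(?:\s+("[^"]*"|[^;]+?))?\s*;', body.group(1)):
        opts[m.group(1)] = (m.group(2) or "").strip('"')
    return opts

def would_match(opts, direction, payload):
    """Simplified model of the signature: direction gate, then byte search.

    Assumption: --pattern is compared literally and case-sensitively.
    """
    if opts.get("flow") and opts["flow"] != direction:
        return False
    return opts["pattern"].encode() in payload

def evaluate(sig=SIGNATURE):
    """Return {sample name: matched?} for the constructed samples."""
    opts = parse_fsbid(sig)
    samples = [("play request", "from_client", PLAY_REQUEST),
               ("page request", "from_client", PAGE_REQUEST),
               ("server reply", "from_server", SERVER_REPLY)]
    return {name: would_match(opts, d, p) for name, d, p in samples}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:13} -> {'match' if hit else 'no match'}")
```

Only the client's play request matches; the ordinary page request and the server-side payload carrying the same string do not, the latter because of --flow from_client.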