How to block BitTorrent and P2P traffic on Palo Alto firewall

How to block BitTorrent and P2P traffic on Palo Alto firewall

1225
Created On 07/17/25 02:52 AM - Last Modified 10/01/25 21:23 PM


Objective


To effectively block BitTorrent and P2P sites using combination of application-base security policy and URL Filtering.

Environment


  • Any PAN-OS.
  • Palo Alto Firewall.
  • URL Filtering.

Procedure


  • The following are the 2 methods can be used to block bittorrent and P2P traffic.
  • Use separate policies to block using App ID and URL filtering.

Using Security Policy and application-base (AppID)

  1. Create a new or modify existing security policy. 
  2. Configure the source/destination, zones you want to apply the policy to.
  3. In the Application tab, select "bittorrent", "bittorrent-sync", "unknown-p2p", "unknown-tcp", "unknown-udp"   
  4. Set the Action to "deny" to block the traffic.
  5. Commit. 

Using URL Filtering (Security Profile)

  1. Create custom URL categories to include all known Torrent and P2P sites. 
  2. Create URL Filtering profile.
  3. In the categories section, add P2P and the custom URL category created above. Block these categories.
  4. Apply the profile to the security policy created earlier and select the URL Filtering profile under the URL Filtering section.
  5. Commit.

Additional Information
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000fxrzKAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail