1.Purpose of the article
As you know, playing games during working hours is difficult to accept because it will distract employees from work as well as affect the bandwidth of the system.
So in this article, techbast will guide you how to prevent users from accessing the League of Legends game while in a corporate network environment with Palo Alto firewall.
As you can see in the network diagram you can see that the internet connection will be configured on Port 1 and the LAN area configured on Port 3 with the 172.16.16.0/24 network layer and 1 telephone device is being connected to the access point device. configured bridge mode is attached to port number 3 and the phone device has received IP is 172.16.16.64.
In this article techbast will use the League of Legends: Wild Rift gaming phone and the Palo Alto firewall to recognize the game and intercept it.
4.What to do
- Determine the ip and port the game uses
- Configure the policy to block the game
5.1 Determine the ip and port the game uses
The first step we will use the phone with ip 172.16.16.64 to play League of Legends: Wild Rift game.
Next we will check the log of the Palo Alto device, to check the Monitor> Logs> Traffic.
We will see that the phone’s log will be displayed, to avoid confusion with other devices we click on the IP address 172.16.16.64 to filter only this IP’s traffic.
After the filter we will conduct the analysis, we will see that the traffic that the device connects to out is in Singapore.
So we will assume that this League of Legends: Wild Rift game has a server located in Singapore.
We will create a policy to block all IPs coming from Singapore to determine if it is truly a game server in Singapore.
To create Policies> Security> Click Add and configure the following information.
- Name: Block_WildRift
- Rule Type: universal (default)
- Source Zone: select LAN
- Source Address: press Add and enter IP 172.16.16.64
- Destination Zone: WAN
- Destination Address: press Add và type in cell SG then select SG (Singapore)
- Action: select Drop
- Log Setting: select Log at Session End
Click OK to save the Policy.
After the policy blocks the IPs from Singapore we return to the phone screen to see if the game has lost connection.
And as you can see the game has lost connection.
The next step we need to go back to see the log of this device on Palo Alto and we can see the blocked IP destination addresses along with the port and protocol.
We need to save this information to an excel file as follows.
After saving all the necessary information, we will go back to the Block WildRift policy and fill in the IP destinations that we have saved in the excel file.
Next we need to enter more ports on the Service tab, to import you go to the Service tab and click Add then select New Service.
The Service table appears, you need to enter a name for that service and enter the port into the Destination Port box.
When done, click OK to save.
After entering all the collected IPs and ports, we will return to the phone screen to check.
And as you can see the game is still not accessible, ie we have correctly identified the IP servers that the game connects to as well as the ports that the game uses.
Techbast hopes that this article will assist administrators in having a way to manage users’ internet access to help the system operate more smoothly.