Is there a single port, or a group of ports I can block on a firewall to prevent direct client to client transfers over our WAN links. These transfers are much quicker when routed via the internet, but right now clients are directly sending data via our site to site links.
The firewall rule would be implemented directly on the site to site link.