Creating new applications
The system recognizes about 200 protocols (HTTP, ICMP, FTP, RTP/RTCP, H.225, SAP, Citrix, Skype, VMware, SaaS....; refer to "Application Recognition".
New applications can be created, described by a protocol plus an attribute, possibly on certain subnets or hosts specifically.
Note: Applications that are not recognized by ip|engines, and not explicitly named and enabled in the Application dictionary are implicitly grouped on the lower layer protocol (e.g. TCP or UDP).
By clicking on the New button 
,
the creation window of a new application is displayed. It contains the following input fields:
| • | Name: character string used to identify the application |
| • | Administrative State: |
| • | Enable: the application is taken into account |
| • | Disable: the application is not taken into account |
| • | Protocol: select a protocol from the drop-down list |
| • | Attribute: depends on the protocol; this field is enabled or not and provides access to a list or free fields |
| • | for TCP or UDP - Port(s): port numbers as they appear in the Server port fields of TCP/UDP headers (either source or destination). This field can contain several ports, separated by a ; or a range of ports, separated by a -. |
| • | for HTTP - URL (www.extremenetworks.com for example) |
Do not start the URL by http://.
You can put a URL like *.extremenetworks.* (see below).
|
Syntax: |
|
|
? |
a unique character |
|
* |
any character string (included empty) |
|
% |
shortest word (non empty, separated by spaces) |
|
$ |
longest word (non empty, separated by spaces) |
|
; |
separator in a list |
|
Examples: |
|
|
www.google.fr |
any URL of the site |
|
www.google.* |
all google incarnations (.fr, .com, .de .... ) |
|
www.google.*/*.gif |
all .gif documents in any page of any google |
|
*/*.gif |
all .gif documents in any page of any server |
|
Specific cases: |
|
|
host/* |
"any" URI |
|
host/ |
empty URI |
|
*/full/uri |
"any" HOST |
|
/full/uri |
empty HOST |
| • | for HTTPS - Common Name (usually the FQDN (Fully Qualified Domain Name) of the web site; it is displayed in the Certificate) |
| • | for Citrix - Application(s): name of published applications (Word, Excel for example) when the applications are not multiplexed in the same TCP session |
| • | for RTP/RTCP - Predefined codecs: name of an audio or video codec, to be selected from a drop-down list: |
Codec: name of an audio or video codec, to be written with the following syntax: audio/<audio codec name> or video/<video codec name> (for instance, to create the speex codec, enter audio/speex).
To be able to recognize the dynamic codecs (as per RTP), SIP application recognition must be enabled for SIP signalling to be decoded.
| • | for SaaS, select a SaaS application from the SaaS dictionary: |
| • | For other protocols, no further information is required. |
| • | User Subnets filter: this optional parameter can be used to identify an application by the IP address of a server or client, or list of servers or clients (up to 30). It is possible to choose the server or client from a drop-down list of the User subnets, or directly: |
| • | Prefix/Length: set the subnet with the following notation X.X.X.X/Y where X.X.X.X is the IP address and Y the length integer between 0 and 32; a list of IP addresses can be configured (; separator). |
| • | C/S Side: specify if the application must be recognized on the server side or on the client side (it is recognized on the Server side by default). |
When describing different applications using the same protocol (e.g. for HTTP: Intranet (= intranet.company.com), Internet corporate (= *.company.com) and Internet (= the rest of http)), place the more specific applications first (the Intranet, then Internet corporate in the example) and finally the generic one (the Internet), so that the specific ones can be recognized as such.
This ordering is achieved by selecting an application and by moving it up with the left blue arrow (move up) if it is more specific than the one above it, or moving it down with the right blue arrow (move down) if it is more generic than the one below it, and by repeating this for as many applications as necessary until they are all sorted from the most specific one (at the top) to the most generic one (at the bottom).
