Applications Profiles

An applications profile contains a set of relevant application signatures intended for use in firewall rules for traffic analysis at Layer 7 of the OSI model. Using flexible filters, you can add the required signatures from an application signature library to a profile. One profile can use multiple filters at once. Each filter can define the settings and actions to be applied to all matching signatures. The order of signature filters in the profile is important: the settings of the topmost filter have the topmost priority.

The administrator can create any number of profiles. It is recommended to limit the number of signatures in the profile only to those that are necessary for protecting a certain service. A large number of signatures increases the traffic processing time and CPU load.

To configure applications profiles, go to the Libraries ➜ Applications profiles section, create a profile, and add the desired signatures to it from the application signature library using a filter.

Name	Description
Name	Profile name.
Description	Profile description.
Filters	The filters using to select the desired application signatures from the signature library. The following properties can be specified in the filter: Action: the response to signature detection. The following values are defined: None: no action defined Pass: allow the packet Drop: drop the packet Reset: drop the packet and abort the TCP connection (send a TCP reset) Block IP: block the source and/or destination IP address PCAP file: trace the signature detection and write the results in a PCAP file Enable: enable tracing Disable: disable tracing Apply to: what the Reset or Block IP actions should apply to. The available options are: Source: the Reset or Block IP action is applied to the source IP address of the packet Destination: the Reset or Block IP action is applied to the destination IP address of the packet Both: the Reset or Block IP action is applied to both the source and destination IP addresses of the packet Duration: the block duration for the Block IP action When adding signatures to a profile, the administrator has the flexibility to filter signatures --- for example, to select only those that have a very high risk, are of type "Application" and belong to the category "Games".

Name

Description

Name

Profile name.

Description

Profile description.

Filters

The filters using to select the desired application signatures from the signature library.

The following properties can be specified in the filter:

Action: the response to signature detection. The following values are defined:
- None: no action defined
- Pass: allow the packet
- Drop: drop the packet
- Reset: drop the packet and abort the TCP connection (send a TCP reset)
- Block IP: block the source and/or destination IP address
PCAP file: trace the signature detection and write the results in a PCAP file
- Enable: enable tracing
- Disable: disable tracing
Apply to: what the Reset or Block IP actions should apply to. The available options are:
- Source: the Reset or Block IP action is applied to the source IP address of the packet
- Destination: the Reset or Block IP action is applied to the destination IP address of the packet
- Both: the Reset or Block IP action is applied to both the source and destination IP addresses of the packet
Duration: the block duration for the Block IP action

When adding signatures to a profile, the administrator has the flexibility to filter signatures --- for example, to select only those that have a very high risk, are of type "Application" and belong to the category "Games".

You are here

Search form

Applications Profiles