Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring APPID Rules

 

This configuration specifies the properties for identifying an application for which a source or destination IP address and port is used for a known application, without the requirement of an application signature. For example, the Session Initiation Protocol (SIP) server initiates a session from its identified port, 5060. You can therefore specify the SIP server IP address and port 5060 in the port mapping configuration for the SIP application. The advantage of using this method is to provide efficiency and accuracy of application identification for your network.

To configure application rule properties, include the rule statement at the [edit services application-identification] hierarchy level:

You can include the following application rule properties:

  • address—Address properties for APPID rule processing. This statement is mandatory; you must specify either destination or source properties.

  • destination—Destination address and port information. The ip statement defines the IP address and netmask (IPv4 only), and the port-range statement defines the TCP or UDP port number or numeric range, entered as [minimum-valuemaximum-value].

  • source—Source address and port information. The ip statement defines the IP address and netmask (IPv4 only), and the port-range statement defines the TCP or UDP port number or numeric range, entered as [minimum-valuemaximum-value].

  • order—Application matching priority. For address configurations, the order number resolves the conflict when multiple address entries are matched for a specific session; the lower the number, the higher the priority. This statement is mandatory and must contain a unique value.

  • application—Name of the application to be included in the rule.

  • disable—Disable processing for this application rule.

The rule-set statement defines a collection of APPID rules that determine what actions the router software performs on packets in the data stream. You define each rule by specifying a rule name and configuring terms. Then, you specify the order of the rules by including the rule-set statement at the [edit services application-identification] hierarchy level with a rule statement for each rule: