Configuring Application Protocol Conditions (SRC CLI)

You can define application protocols for the stateful firewall and NAT services to use in match condition rules. An application protocol defines application parameters by using information from network layer 3 and above. Examples of such applications are FTP and H.323.

Use the following configuration statements to add application protocol conditions to a classify-traffic condition:

To add application protocol conditions to a classify-traffic condition:

1. From configuration mode, enter the application protocol configuration. In this procedure, apc is the name of the application protocol condition. For example:

2. (Optional) Configure the network protocol to match.

3. (Optional) Configure the application protocol to match.

4. (Optional) Configure the length of time the application is inactive before it times out.

5. (Optional) For the DCE RPC application protocol, configure the universal unique identifier (UUID).

6. (Optional) For the remote procedure call (RPC) application protocol, configure an RPC program number.

7. (Optional) Configure the SNMP command for packet matching.

8. (Optional) For the traceroute application protocol, configure the traceroute time-to-live (TTL) threshold value. This value sets the acceptable level of network penetration for trace routing.

9. (Optional) Enter configuration mode for the protocol attribute.

10. (Optional) For the ICMP protocol, configure the ICMP packet type.

11. (Optional) For the ICMP protocol, configure the ICMP code.

12. (Optional) Enter the destination port configuration.

13. (Optional) Configure the TCP or UDP destination port.

14. (Optional) Enter the source port configuration.

15. (Optional) Configure the TCP or UDP source port.

16. (Optional) Verify the application protocol condition configuration.