Configuring Application Signatures
Application signatures can be part of a predefined application signature package or individual custom application signatures that you create. Use the following procedure to download predefined application signature packages, to configure custom application signatures, and to enable, disable, or delete the application signatures in your configuration.
- Select Configure>Security>Application Signature in the J-Web interface to display the Applications Signature page. Table 50 describes the content of this page.
  The upper pane lists all enabled and disabled application signatures on the device. An icon displayed at the left of an application signature name means that nested application signatures are associated with this application signature.
- Click an application signature displaying an icon to list its nested signatures in the lower pane.
- Click one:
  - Global Settings—Defines run specifications for application identification or for an automatic downloading schedule. Table 51 describes the content of the Global Settings page.
    - Select the App-Signature Global Settings tab to define run conditions, and to enable or disable application signatures and the application system cache.
    - Select the Download Scheduler tab to set up a schedule for automatic downloads of the latest predefined application signature package.
  - Download—Manually downloads the latest predefined application signature package. Table 52 describes the content of the Manually Download page.
  - Check Status—Monitors the progress of an active manual or scheduled download.
  - Uninstall—Removes application signatures currently installed on your device. Choose one of the uninstall options:
    - Customized—Uninstalls all customized applications. This option does not uninstall predefined applications.
    - Predefined—Uninstalls the predefined application package installed on your device. This option does not uninstall any customized applications.
    - All—Uninstalls all customized applications and the predefined application package installed on your device.
  - Add or Edit—Creates or edits a customized application and nested application signature.
    - To add or edit an application signature, in the upper pane click Add, or select a signature and click Edit. Table 53 describes the content of the Add/Edit Application page.
    - To add or edit a nested application signature, in the lower pane click Add, or select a nested signature and click Edit. Table 54 describes the content of the Add/Edit Nested Application page.
  - Delete—Removes a selected custom application signature or nested custom application signature from the configuration.
    Individual predefined application signatures cannot be deleted. Use Disable to deactivate an individual predefined application signature.
  - Clone—Creates a copy of a selected application signature or nested application signature under a different name.
  - Disable—Deactivates a selected application signature but does not remove it from the configuration. Use Disable instead of Delete to deactivate a predefined application signature.
- Click one:
  - OK–Saves the configuration and returns to the main configuration page.
  - Commit Options>Commit–Commits the configuration and returns to the main configuration page.
  - Cancel–Cancels your entries and returns to the main configuration page.
Table 50: Application Signature Configuration Page
Field | Function |
---|---|
Application Signatures | |
Name Search | Provides a search alternative to quickly display a specific application signature name. Enter a name, and click Search to refresh the display with the specified application signature. To redisplay the entire list, clear the Name Search field and click Search. |
Name | Displays the name of a predefined or customized application signature. An icon displayed at the left of an application signature name means that the configuration for this application signature contains nested application signatures. Click the application signature to display its nested application signatures in the lower pane. |
Application Type | Displays a well-known application name, such as FTP, Telnet, or HTTP. |
Risk | Displays the assigned risk level of the application signature based on the potential security impact or the likelihood of it being used by hackers. |
Characteristics | Displays an assigned characteristic of the application signature, such as “prone to misuse.” |
Technology | Displays an assigned technology for the application signature, such as browser-based or peer-peer. |
Status | Enables or disables the application signature. To change the status, select the application signature and click Disable/Enable. |
Nested App-Signature | |
Name Search | Provides a search alternative to quickly display a specific nested application signature name. Enter a name, and click Search to refresh the display with the specified nested application signature. To redisplay the entire list, clear the Name Search field and click Search. |
Name | Displays the name of the nested predefined or custom application signature. |
Application Type | Displays a well-known application where the nested application signature is likely to appear, such as FTP, Telnet, or HTTP. |
Risk | Displays the assigned risk level of the nested application signature based on the potential security impact or the likelihood of being used by hackers. |
Characteristics | Displays an assigned characteristic of the nested application signature, such as “prone to misuse.” |
Technology | Displays an assigned technology of the nested application signature, such as browser-based or peer-peer. |
Table 51: Global Settings Details
Field | Function | Action |
---|---|---|
App-Signature Global Settings Tab | ||
App-Signature Global Settings | ||
Disable Application Signature | Disables application signature use. By default, application signature use is enabled. | Click the Disable Application Signature box to disable application signature use. |
Enable System Cache | Enables the system cache to retain application signature information. By default, the application system cache is disabled. | Click the Enable System Cache box to enable the application system cache. |
System Cache Timeout | Specifies the amount of time application signature information will be maintained in the system cache. The default value is 3600 seconds. | Enter the length of time that information is to be kept in the system cache. |
Max Sessions | Specifies the maximum number of sessions that can use application signatures at the same time. | Enter the maximum number of application signature sessions allowed. |
Total Max Check Bytes | Specifies the maximum number of bytes to check for an application signature. The default value is 10,000 bytes. | Enter the maximum number of bytes to be checked. The number can range from 0 through 100,000 bytes. |
Nested App-Signature Global Settings | ||
Disable Nested Application Signature | Disables nested application signature use. By default, nested application signature use is enabled. | Select the Disable Nested Application Signature check box to disable nested application signature use. |
Enable System Cache | Enables the application system cache for nested application information. By default, the system cache for nested application information is disabled. | If caching is enabled for application information, select the Enable System Cache check box to enable caching for nested application information as well. |
Max Client-to-Server Bytes | Specifies the maximum number of inbound bytes to be cached. | Enter the maximum number of inbound bytes to be cached. The number can range from 0 through 100,000 bytes. |
Max Server-to-Client Bytes | Specifies the maximum number of outbound bytes to be cached. | Enter the maximum number of outbound bytes to be cached. The number can range from 0 through 100,000 bytes. |
Download Scheduler Tab | ||
URL | Specifies the site from which the predefined application signature package will be downloaded. Use this option when the download location is different from the default location. | If the default download location is not being used, enter the URL of the download location. |
Enable Schedule Update | Enables scheduled automatic updates of the predefined application signature package. By default, scheduled automatic updates are disabled. | Select the Enable Schedule Update check box to enable automatic scheduled updates. |
Interval | Specifies the number of hours between automatic updates of predefined application signatures. | Enter the download interval. The range is 6 through 720 hours. |
Start Time | Specifies the month, day, and time of the first update. (The Start Time is significant for only the first automatic download. After that, automatic updates occur after the specified interval.) | Enter the time for the first download in MM-DD.hh:mm format using a 24-hour clock. |
Reset Setting | Clears the Start Time field. | When changing an existing Start Time, click Reset Setting first to clear the field before entering a new start time. |
Table 52: Manually Download Details
Field | Function | Action |
---|---|---|
URL | Specifies the site from which the predefined application signature package will be downloaded. Use this option when the download location is different from the default location. | If the default download location is not being used, enter the URL of the download location. |
Version | Specifies the version to be downloaded. | Select Latest to download the latest application signature package available. Otherwise, select and enter the version number of the application signature package to be downloaded. |
Current Installed Version | Specifies the version number of the application signature package that is currently installed on your device. | – |
Table 53: Add/Edit/Clone Application Signature Details
Field | Function | Action |
---|---|---|
Application Type | Specifies a well-known application, such as FTP, Telnet, or HTTP. | Enter the application type for this application signature. |
Index | Provides a number mapped one-to-one to the application signature name to ensure that each application signature is unique. | Enter a number from 32,768 through 65,534. (Indexes from 1 through 32,767 are reserved for predefined application signatures.) Note: The Index value must be unique among all custom application signatures. No differentiation is made between application signature and nested application signature Index values. |
Signature Name | Specifies the name of the custom application signature. | Enter a unique name with a maximum length of 32 characters. On the Edit Application Signature page, this field cannot be changed. On the Clone Application Signature page, this field is automatically seeded with a variation of the selected application signature name, but it can also be modified. |
Signature | ||
Min Data | Specifies the minimum number of bytes or packets to be used for matching the DFA pattern. The default value is 10. | Enter a number from 4 through 1024. |
Pattern | ||
Client to server | Provides the pattern to be matched for inbound traffic. | Enter the inbound traffic pattern. |
Server to client | Provides the pattern to be matched for outbound traffic. | Enter the outbound traffic pattern. |
Port Range | ||
TCP Port | Specifies a range of TCP ports to be checked for the custom application signature. The default range for TCP is 0 through 65,535. | Enter a range of TCP ports. |
UDP Port | Specifies a range of UDP ports to be checked for the custom application signature. The default range for UDP is 0 through 65,535. | Enter a range of UDP ports. |
Fallback Port | ||
Port Range | Specifies a range of ports to be checked for the application signature. The default range is 0 through 65,535. | Select the Port Range check box and enter the default port range. |
Protocol | Specifies the fallback port to be the range in the specified protocol. | Select the Protocol check box and enter the protocol of the fallback port range. |
Table 54: Add/Edit/Clone Nested Application-Signature Details
Field | Function | Action |
---|---|---|
Application Type | Specifies the nested application type running under HTTP. This is often a well-known application name, such as Facebook or YouTube. | Enter the application type. |
Index | Provides a unique number mapped one-to-one to an application or nested application signature name to ensure that each application signature is unique. | Enter a number from 32,768 through 65,534. (Indexes from 1 through 32,767 are reserved for predefined application signatures.) Note: The Index value must be unique among all custom application signatures. No differentiation is made between application signature and nested application signature Index values. |
Name | Specifies the name of the custom nested application signature. By convention, to ensure unique naming, the application type is appended to the name and signature name of the nested application. | Enter a unique name with a maximum length of 32 characters. On the Edit Nested Application Signature page, this field cannot be changed. On the Clone Nested Application Signature page, this field is automatically seeded with a variation of the selected nested application signature name, but it can also be modified. |
Protocol | HTTP | Enter HTTP as the protocol for all nested application signatures. |
Signatures/Members | ||
Signature Name | Specifies the name of the signature. | Enter a unique name with a maximum length of 32 characters. |
Order | Specifies a unique number that determines the match priority of this signature. When multiple signatures match the same session, the lowest number takes priority. Note: Order applies to multiple signatures within the session. | Enter the order number. |
Maximum Transactions | Specifies the maximum number of transactions to check for a match. | Enter the maximum number of transactions to be checked. |
Chain Order | Enables chain ordering, which applies multiple members of this signature in the order that they are listed. If a signature contains only one member, this option is ignored. Note: Chain Order applies to multiple members within a signature. | Enable or disable chain ordering. By default chain ordering is disabled. |
Members in the Selected Signature | ||
Member Name | Specifies the name of the signature member. One signature can have multiple members. | Enter a unique name with a maximum length of 32 characters. |
Direction | Specifies the traffic direction for the member. | Select the traffic direction: |
Context | Specifies the service-specific context in which to match the specified pattern. | Select the service-specific context for this member: |
Pattern | Specifies the DFA pattern to be used as the search criterion for the member. | Enter the pattern. The maximum pattern length is 1023. |
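
The limits in Tables 53 and 54 (Index range and the shared Index namespace, name length, Min Data, unique Order values, HTTP-only nested signatures, and pattern length) can be checked on a planned set of custom signatures before they are entered in J-Web. The following Python is an added example, not Juniper code; the dictionary field names and the sample definitions are hypothetical.

```python
# Added example: field names are hypothetical and mirror the fields in Tables 53 and 54.
INDEX_RANGE = range(32768, 65535)   # 1 through 32,767 is reserved for predefined signatures
NAME_MAX, PATTERN_MAX = 32, 1023
MIN_DATA_RANGE = range(4, 1025)

def check_name(name, owner, problems):
    if not 1 <= len(name) <= NAME_MAX:
        problems.append((owner, f"name {name!r} must be 1-{NAME_MAX} characters"))

def validate(app_sigs, nested_sigs):
    """Return (signature name, problem) pairs for planned custom signatures."""
    problems, index_owner = [], {}
    for sig in list(app_sigs) + list(nested_sigs):
        name, index = sig["name"], sig["index"]
        check_name(name, name, problems)
        if index not in INDEX_RANGE:
            problems.append((name, f"index {index} outside 32768-65534"))
        elif index in index_owner:  # one Index namespace for both signature kinds
            problems.append((name, f"index {index} already used by {index_owner[index]}"))
        else:
            index_owner[index] = name
        if "min_data" in sig and sig["min_data"] not in MIN_DATA_RANGE:  # Table 53 only
            problems.append((name, "min_data must be 4-1024"))
    for sig in nested_sigs:
        if sig.get("protocol", "").upper() != "HTTP":
            problems.append((sig["name"], "nested signatures must use protocol HTTP"))
        orders = [s["order"] for s in sig.get("signatures", [])]
        if len(orders) != len(set(orders)):
            problems.append((sig["name"], "signature order values must be unique"))
        for s in sig.get("signatures", []):
            check_name(s["name"], sig["name"], problems)
            for m in s.get("members", []):
                check_name(m["name"], sig["name"], problems)
                if len(m["pattern"]) > PATTERN_MAX:
                    problems.append((sig["name"], f"member {m['name']!r} pattern exceeds {PATTERN_MAX}"))
    return problems

# Constructed sample definitions (not taken from any real device).
APP_SIGS = [{"name": "corp-backup", "index": 32768, "min_data": 10},
            {"name": "legacy-sync", "index": 1200, "min_data": 2}]
NESTED_SIGS = [{"name": "intranet-wiki:HTTP", "index": 32768, "protocol": "HTTP", "signatures": [
    {"name": "wiki-get", "order": 1, "members": [{"name": "m1", "pattern": "wiki"}]},
    {"name": "wiki-post", "order": 1, "members": [{"name": "m2", "pattern": "x" * 1024}]}]}]

if __name__ == "__main__":
    for owner, problem in validate(APP_SIGS, NESTED_SIGS):
        print(f"{owner}: {problem}")
```

The sample set is built to trip each rule once: a reserved Index, an Index reused between an application signature and a nested signature, an out-of-range Min Data, duplicate Order values, and an over-length member pattern.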