Configuring Application Signatures

Application signatures can be part of a predefined application signature package or individual custom application signatures that you create. Use the following procedure to download predefined application signature packages, to configure custom application signatures, and to enable, disable, or delete the application signatures in your configuration.

  1. Select Configure>Security>Application Signature in the J-Web interface to display the Applications Signature page. Table 50 describes the content of this page.

    The upper pane lists all enabled and disabled application signatures on the device. An icon displayed at the left of an application signature name means that nested application signatures are associated with this application signature.

  2. Click an application signature displaying an icon to list its nested signatures in the lower pane.
  3. Click one:
    • Global Settings—Defines run specifications for application identification or for an automatic downloading schedule. Table 51 describes the content of the Global Settings page.
      • Select the App-Signature Global Settings tab to define run conditions, and to enable or disable application signatures and the application system cache.
      • Select the Download Scheduler tab to set up a schedule for automatic downloads of the latest predefined application signature package.
    • Download—Manually downloads the latest predefined application signature package. Table 52 describes the content of the Manually Download page.
    • Check Status—Monitors the progress of an active manual or scheduled download.
    • Uninstall—Removes application signatures currently installed on your device. Choose one of the uninstall options:
      • Customized—Uninstalls all customized applications. This option does not uninstall predefined applications.
      • Predefined—Uninstalls the predefined application package installed on your device. This option does not uninstall any customized applications.
      • All—Uninstalls all customized applications and the predefined application package installed on your device.
    • Add or Edit—Creates or edits a customized application and nested application signature.
      • To add or edit an application signature, in the upper pane click Add, or select a signature and click Edit. Table 53 describes the content of the Add/Edit Application page.
      • To add or edit a nested application signature, in the lower pane click Add, or select a nested signature and click Edit. Table 54 describes the content of the Add/Edit Nested Application page.
    • Delete—Removes a selected custom application signature or nested custom application signature from the configuration.

      Individual predefined application signatures cannot be deleted. Use Disable to deactivate an individual predefined application signature.

    • Clone—Creates a copy of a selected application signature or nested application signature under a different name.
    • Disable—Deactivates a selected application signature but does not remove it from the configuration. Use Disable instead of Delete to deactivate a predefined application signature.
  4. Click one:
    • OK–Saves the configuration and returns to the main configuration page.
    • Commit Options>Commit–Commits the configuration and returns to the main configuration page.
    • Cancel–Cancels your entries and returns to the main configuration page.

Table 50: Application Signature Configuration Page

| Field | Function |
| --- | --- |
| Application Signatures | |
| Name Search | Provides a search alternative to quickly display a specific application signature name. Enter a name, and click Search to refresh the display with the specified application signature. To redisplay the entire list, clear the Name Search field and click Search. |
| Name | Displays the name of a predefined or customized application signature. An icon displayed at the left of an application signature name means that the configuration for this application signature contains nested application signatures. Click the application signature to display its nested application signatures in the lower pane. |
| Application Type | Displays a well-known application name, such as FTP, Telnet, or HTTP. |
| Risk | Displays the assigned risk level of the application signature based on the potential security impact or the likelihood of it being used by hackers. |
| Characteristics | Displays an assigned characteristic of the application signature, such as “prone to misuse.” |
| Technology | Displays an assigned technology for the application signature, such as browser-based or peer-peer. |
| Status | Enables or disables the application signature. To change the status, select the application signature and click Disable/Enable. |
| Nested App-Signature | |
| Name Search | Provides a search alternative to quickly display a specific nested application signature name. Enter a name, and click Search to refresh the display with the specified nested application signature. To redisplay the entire list, clear the Name Search field and click Search. |
| Name | Displays the name of the nested predefined or custom application signature. |
| Application Type | Displays a well-known application where the nested application signature is likely to appear, such as FTP, Telnet, or HTTP. |
| Risk | Displays the assigned risk level of the nested application signature based on the potential security impact or the likelihood of being used by hackers. |
| Characteristics | Displays an assigned characteristic of the nested application signature, such as “prone to misuse.” |
| Technology | Displays an assigned technology of the nested application signature, such as browser-based or peer-peer. |

Table 51: Global Settings Details

| Field | Function | Action |
| --- | --- | --- |
| App-Signature Global Settings Tab | | |
| App-Signature Global Settings | | |
| Disable Application Signature | Disables application signature use. By default, application signature use is enabled. | Click the Disable Application Signature box to disable application signature use. |
| Enable System Cache | Enables the system cache to retain application signature information. By default, the application system cache is disabled. | Click the Enable System Cache box to enable the application system cache. |
| System Cache Timeout | Specifies the amount of time application signature information will be maintained in the system cache. The default value is 3600 seconds. | Enter the length of time that information is to be kept in the system cache. |
| Max Sessions | Specifies the maximum number of sessions that can use application signatures at the same time. | Enter the maximum number of application signature sessions allowed. |
| Total Max Check Bytes | Specifies the maximum number of bytes to check for an application signature. The default value is 10,000 bytes. | Enter the maximum number of bytes to be checked. The number can range from 0 through 100,000 bytes. |
| Nested App-Signature Global Settings | | |
| Disable Nested Application Signature | Disables nested application signature use. By default, nested application signature use is enabled. | Select the Disable Nested Application Signature check box to disable nested application signature use. |
| Enable System Cache | Enables the application system cache for nested application information. By default, the system cache for nested application information is disabled. | If caching is enabled for application information, select the Enable System Cache check box to enable caching for nested application information as well. |
| Max Client-to-Server Bytes | Specifies the maximum number of inbound bytes to be cached. | Enter the maximum number of inbound bytes to be cached. The number can range from 0 through 100,000 bytes. |
| Max Server-to-Client Bytes | Specifies the maximum number of outbound bytes to be cached. | Enter the maximum number of outbound bytes to be cached. The number can range from 0 through 100,000 bytes. |
| Download Scheduler Tab | | |
| URL | Specifies the site from which the predefined application signature package will be downloaded. Use this option when the download location is different from the default location. | If the default download location is not being used, enter the URL of the download location. |
| Enable Schedule Update | Enables scheduled automatic updates of the predefined application signature package. By default, scheduled automatic updates are disabled. | Select the Enable Schedule Update check box to enable automatic scheduled updates. |
| Interval | Specifies the number of hours between automatic updates of predefined application signatures. | Enter the download interval. The range is 6 through 720 hours. |
| Start Time | Specifies the month, day, and time of the first update. (The Start Time is significant for only the first automatic download. After that, automatic updates occur after the specified interval.) | Enter the time for the first download in MM-DD.hh:mm format using a 24-hour clock. |
| Reset Setting | Clears the Start Time field. | When changing an existing Start Time, click Reset Setting first to clear the field before entering a new start time. |

Table 52: Manually Download Details

| Field | Function | Action |
| --- | --- | --- |
| URL | Specifies the site from which the predefined application signature package will be downloaded. Use this option when the download location is different from the default location. | If the default download location is not being used, enter the URL of the download location. |
| Version | Specifies the version to be downloaded. | Select Latest to download the latest application signature package available. Otherwise, select and enter the version number of the application signature package to be downloaded. |
| Current Installed Version | Specifies the version number of the application signature package that is currently installed on your device. | |

Table 53: Add/Edit/Clone Application Signature Details

| Field | Function | Action |
| --- | --- | --- |
| Application Type | Specifies a well-known application, such as FTP, Telnet, or HTTP. | Enter the application type for this application signature. |
| Index | Provides a number mapped one-to-one to the application signature name to ensure that each application signature is unique. | Enter a number from 32,768 through 65,534. (Indexes from 1 through 32,767 are reserved for predefined application signatures.) Note: The Index value must be unique among all custom application signatures. No differentiation is made between application signature and nested application signature Index values. |
| Signature Name | Specifies the name of the custom application signature. | Enter a unique name with a maximum length of 32 characters. On the Edit Application Signature page, this field cannot be changed. On the Clone Application Signature page, this field is automatically seeded with a variation of the selected application signature name, but it can also be modified. |
| Signature | | |
| Min Data | Specifies the minimum number of bytes or packets to be used for matching the DFA pattern. The default value is 10. | Enter a number from 4 through 1024. |
| Pattern | | |
| Client to server | Provides the pattern to be matched for inbound traffic. | Enter the inbound traffic pattern. |
| Server to client | Provides the pattern to be matched for outbound traffic. | Enter the outbound traffic pattern. |
| Port Range | | |
| TCP Port | Specifies a range of TCP ports to be checked for the custom application signature. The default range for TCP is 0 through 65,535. | Enter a range of TCP ports. |
| UDP Port | Specifies a range of UDP ports to be checked for the custom application signature. The default range for UDP is 0 through 65,535. | Enter a range of UDP ports. |
| Fallback Port | | |
| Port Range | Specifies a range of ports to be checked for the application signature. The default range is 0 through 65,535. | Select the Port Range check box and enter the default port range. |
| Protocol | Specifies the fallback port to be the range in the specified protocol. | Select the Protocol check box and enter the protocol of the fallback port range. |

Table 54: Add/Edit/Clone Nested Application-Signature Details

| Field | Function | Action |
| --- | --- | --- |
| Application Type | Specifies the nested application type running under HTTP. This is often a well-known application name, such as Facebook or YouTube. | Enter the application type. |
| Index | Provides a unique number mapped one-to-one to an application or nested application signature name to ensure that each application signature is unique. | Enter a number from 32,768 through 65,534. (Indexes from 1 through 32,767 are reserved for predefined application signatures.) Note: The Index value must be unique among all custom application signatures. No differentiation is made between application signature and nested application signature Index values. |
| Name | Specifies the name of the custom nested application signature. By convention, to ensure unique naming, the application type is appended to the name and signature name of the nested application. | Enter a unique name with a maximum length of 32 characters. On the Edit Nested Application Signature page, this field cannot be changed. On the Clone Nested Application Signature page, this field is automatically seeded with a variation of the selected nested application signature name, but it can also be modified. |
| Protocol | HTTP | Enter HTTP as the protocol for all nested application signatures. |
| Signatures/Members | | |
| Signature Name | Specifies the name of the signature. | Enter a unique name with a maximum length of 32 characters. |
| Order | Specifies a unique number that determines the match priority of this signature. When multiple signatures match the same session, the lowest number takes priority. Note: Order applies to multiple signatures within the session. | Enter the order number. |
| Maximum Transactions | Specifies the maximum number of transactions to check for a match. | Enter the maximum number of transactions to be checked. |
| Chain Order | Enables chain ordering, which applies multiple members of this signature in the order that they are listed. If a signature contains only one member, this option is ignored. Note: Chain Order applies to multiple members within a signature. | Enable or disable chain ordering. By default, chain ordering is disabled. |
| Members in the Selected Signature | | |
| Member Name | Specifies the name of the signature member. One signature can have multiple members. | Enter a unique name with a maximum length of 32 characters. |
| Direction | Specifies the traffic direction for the member. | Select the traffic direction: any, client-to-server, or server-to-client. |
| Context | Specifies the service-specific context in which to match the specified pattern. | Select the service-specific context for this member: http-header-context-type, http-header-host, http-url-parsed, or http-url-parsed-param-parsed. |
| Pattern | Specifies the DFA pattern to be used as the search criterion for the member. | Enter the pattern. The maximum pattern length is 1023. |
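
The limits in Tables 53 and 54 can be checked on a batch of planned custom signatures before anything is entered in J-Web. The following is an added example, not Juniper code: the dictionary layout, the `lint` and `port_range_ok` names, the `LOW-HIGH` port notation, and the sample definitions are assumptions made for illustration.

```python
import re

# Limits are from Tables 53 and 54; both signature kinds share one index space.
INDEX_RANGE = range(32768, 65535)   # 1-32767 is reserved for predefined signatures
DIRECTIONS = {"any", "client-to-server", "server-to-client"}
CONTEXTS = {"http-header-context-type", "http-header-host",
            "http-url-parsed", "http-url-parsed-param-parsed"}

def port_range_ok(text):
    """Accept 'N' or 'LOW-HIGH' inside 0-65535 (the notation is an assumption)."""
    m = re.fullmatch(r"(\d+)(?:-(\d+))?", text)
    return bool(m) and int(m[1]) <= int(m[2] or m[1]) <= 65535

def lint(definitions):
    """Return 'name: problem' strings for application and nested definitions."""
    out, seen = [], set()            # seen holds names (str) and indexes (int)
    for d in definitions:
        def err(msg, name=d["name"]):
            out.append(f"{name}: {msg}")
        if not 0 < len(d["name"]) <= 32 or d["name"] in seen:
            err("name must be unique and at most 32 characters")
        if d["index"] not in INDEX_RANGE or d["index"] in seen:
            err("index must be unique and within 32768-65534")
        seen |= {d["name"], d["index"]}
        if d["kind"] == "application":
            if not 4 <= d.get("min_data", 10) <= 1024:
                err("min data must be within 4-1024")
            for key in ("tcp_ports", "udp_ports"):
                if not port_range_ok(d.get(key, "0-65535")):
                    err(f"{key} is not a valid port range")
        elif d.get("protocol") != "HTTP":
            err("nested signatures must use protocol HTTP")
        orders = [s["order"] for s in d.get("signatures", [])]
        if len(orders) != len(set(orders)):
            err("signature order numbers must be unique")
        for m in (m for s in d.get("signatures", []) for m in s["members"]):
            if m["direction"] not in DIRECTIONS or m["context"] not in CONTEXTS:
                err(f"member {m['name']}: unlisted direction or context")
            if not 0 < len(m["pattern"]) <= 1023 or len(m["name"]) > 32:
                err(f"member {m['name']}: name or pattern length out of range")
    return out

SAMPLE = [  # constructed definitions, not taken from any device
    {"kind": "application", "name": "my-ftp", "index": 32768, "tcp_ports": "2100-2199"},
    {"kind": "nested", "name": "my-portal", "index": 32768, "protocol": "HTTP",
     "signatures": [{"name": "s1", "order": 1, "members": [
         {"name": "m01", "direction": "any", "context": "http-header-host",
          "pattern": "portal\\.example\\.com"}]}]},
]
```

Run on SAMPLE, lint reports the duplicated index on my-portal, because application and nested signatures draw from the same index range.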