Aruba Employee
Posts: 40
Registered: ‎12-13-2013

Difference between Firewall-Visibility and Firewall DPI

With AOS 6.2/6.3, AppRF 1.0 was introduced. It relied on 4 different methods to classify apps:

LAYER 4 SERVICE INFORMATION

The most basic level of application information comes from the configured layer 4 services on the controller. See the ArubaOS User Guide for a complete list of these services. Customers can add their own custom services if desired.

VOICE ALGS

The next source of application information is the voice ALGs. AppRF will use these ALGs to precisely classify what type of voice traffic is on the network. As of this writing, we currently support SIP, H.323, SCCP, Vocera, and UA ALGs.

HEURISTIC METHODS – PEER TO PEER

Using analysis of traffic patterns, we are able to identify certain types of peer-to-peer applications. Today, these include Skype and BitTorrent.
Note that the current beta version does not identify BitTorrent when it is running in "Leeching" mode, but it will in "Seeding" mode.
Also, please note that both Skype and BitTorrent will be classified as "Peer-to-Peer". We use the exact same heuristics to detect them, and can't distinguish between them at this time.

WEB APPLICATIONS

The final source of information about application type comes from analysis of web traffic. The strategy is to determine the difference between generic web traffic and traffic destined for specific web sites or web applications. For the top 90 web applications, we will classify any traffic to/from these domains as members of that application. These web applications are grouped into categories:

Misc:
wikipedia, wikimedia, amazon, taobao, tbcdn, sina, wordpress, ebay, yandex, tudo, scorecardresearch, quantserve
Streaming video:
youtube, tdimg, youku, cnbc, msnbc, cnn, abc, bbc, cnbc, nbc, netflix
IM and Email:
gmail, Microsoft live mail, Microsoft messenger, Yahoo mail, Yahoo Messenger, gravatar
Social networking sites:
facebook, twitter, linkedIn, bebo, myspace, habbo, badoo, orkut, hi5, tagged, friendster, flixter, meebo
File sharing services:
4shared, badongo, mediafire, megashare, megaupload, rapidshare, depositfiles, zshare, taringa, usenet, filefactory, easy-share, divshare, gigasize, sharedzilla, yourfilehost, asapload, taringa, divshare, sendspace, yousendit, letitbit, filesurf, hotshare, usaupload, savefile, bigupload, up-file, hyperfileshare, zippyshare, uploading, sharebee, rapidspread
Ad networks:
doubleclick, hiro, adtally, zedo, mediastrike, adword, volomedia, hydra, nuffnang, realtechnetwork, valueclick, adblade, admeld, admob, adshuffle, adstil, adnxs, adimages, advertising, adadvisior, adfusion, adxpose, flashtalking, fastclick, adbrite, adchina, admagnet, bidclix, clickbooth, exoclick, casalemedia, kontera, rightmedia

This classification was enabled with the command

firewall-visibility

AOS 6.4 now supports Deep Packet Inspection analysis (AppRF 2.0), which recognizes the signatures of several thousand applications.

This feature is enabled with the command

firewall dpi

sr
Occasional Contributor II
Posts: 11
Registered: ‎06-21-2016

Re: Difference between Firewall-Visibility and Firewall DPI

Good evening,

If I understand correctly, Firewall-Visibility must be enabled to turn on the analysis mechanism; but what more does also enabling DPI bring? Can other applications be detected and classified?

The command "show dpi application category all" returns a list of categories; does DPI need to be enabled to get classification into these categories?

Sébastien

Aruba Employee
Posts: 40
Registered: ‎12-13-2013

Re: Difference between Firewall-Visibility and Firewall DPI

Firewall-visibility is no longer of interest in version 6.4, since DPI recognizes far more applications. A simple click on the application drop-down list when creating a policy gives an overview of exactly what DPI recognizes.

sr
Occasional Contributor II
Posts: 11
Registered: ‎06-21-2016

Re: Difference between Firewall-Visibility and Firewall DPI

However, if firewall-visibility is not enabled, nothing is displayed in the dashboard, so it must be enabled along with DPI.
