config application list
Description: Configure application control lists.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set extended-log [enable|disable]
set other-application-action [pass|block]
set app-replacemsg [disable|enable]
set other-application-log [disable|enable]
set enforce-default-app-port [disable|enable]
set force-inclusion-ssl-di-sigs [disable|enable]
set unknown-application-action [pass|block]
set unknown-application-log [disable|enable]
set p2p-black-list {option1}, {option2}, ...
set deep-app-inspection [disable|enable]
set options {option1}, {option2}, ...
config entries
Description: Application list entries.
edit <id>
set risk <level1>, <level2>, ...
set category <id1>, <id2>, ...
set application <id1>, <id2>, ...
set protocols {user}
set vendor {user}
set technology {user}
set behavior {user}
set popularity {option1}, {option2}, ...
config parameters
Description: Application parameters.
edit <id>
config members
Description: Parameter tuple members.
edit <id>
set name {string}
set value {string}
next
end
next
end
set action [pass|block|...]
set log [disable|enable]
set log-packet [disable|enable]
set rate-count {integer}
set rate-duration {integer}
set rate-mode [periodical|continuous]
set rate-track [none|src-ip|...]
set session-ttl {integer}
set shaper {string}
set shaper-reverse {string}
set per-ip-shaper {string}
set quarantine [none|attacker]
set quarantine-expiry {user}
set quarantine-log [disable|enable]
next
end
set control-default-network-services [disable|enable]
config default-network-services
Description: Default network service entries.
edit <id>
set port {integer}
set services {option1}, {option2}, ...
set violation-action [pass|monitor|...]
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | comments | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
extended-log | Enable/disable extended logging. enable: Enable setting. disable: Disable setting. |
option | - |
other-application-action | Action for other applications. pass: Allow sessions matching an application in this application list. block: Block sessions matching an application in this application list. |
option | - |
app-replacemsg | Enable/disable replacement messages for blocked applications. disable: Disable replacement messages for blocked applications. enable: Enable replacement messages for blocked applications. |
option | - |
other-application-log | Enable/disable logging for other applications. disable: Disable logging for other applications. enable: Enable logging for other applications. |
option | - |
enforce-default-app-port | Enable/disable default application port enforcement for allowed applications. disable: Disable default application port enforcement. enable: Enable default application port enforcement. |
option | - |
force-inclusion-ssl-di-sigs | Enable/disable forced inclusion of SSL deep inspection signatures. disable: Disable forced inclusion of signatures which normally require SSL deep inspection. enable: Enable forced inclusion of signatures which normally require SSL deep inspection. |
option | - |
unknown-application-action | Pass or block traffic from unknown applications. pass: Pass or allow unknown applications. block: Drop or block unknown applications. |
option | - |
unknown-application-log | Enable/disable logging for unknown applications. disable: Disable logging for unknown applications. enable: Enable logging for unknown applications. |
option | - |
p2p-black-list | P2P applications to be black listed. skype: Skype. edonkey: Edonkey. bittorrent: Bit torrent. |
option | - |
deep-app-inspection | Enable/disable deep application inspection. disable: Disable deep application inspection. enable: Enable deep application inspection. |
option | - |
options | Basic application protocol signatures allowed by default. allow-dns: Allow DNS. allow-icmp: Allow ICMP. allow-http: Allow generic HTTP web browsing. allow-ssl: Allow generic SSL communication. allow-quic: Allow QUIC. |
option | - |
control-default-network-services | Enable/disable enforcement of protocols over selected ports. disable: Disable protocol enforcement over selected ports. enable: Enable protocol enforcement over selected ports. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
risk <level> |
Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). |
integer | Minimum value: 0 Maximum value: 4294967295 |
category <id> |
Category ID list. Application category ID. |
integer | Minimum value: 0 Maximum value: 4294967295 |
application <id> |
ID of allowed applications. Application IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
protocols | Application protocol filter. | user | Not Specified |
vendor | Application vendor filter. | user | Not Specified |
technology | Application technology filter. | user | Not Specified |
behavior | Application behavior filter. | user | Not Specified |
popularity | Application popularity filter (1 - 5, from least to most popular). 1: Popularity level 1. 2: Popularity level 2. 3: Popularity level 3. 4: Popularity level 4. 5: Popularity level 5. |
option | - |
action | Pass or block traffic, or reset connection for traffic from this application. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. |
option | - |
log | Enable/disable logging for this application list. disable: Disable logging. enable: Enable logging. |
option | - |
log-packet | Enable/disable packet logging. disable: Disable packet logging. enable: Enable packet logging. |
option | - |
rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
rate-mode | Rate limit mode. periodical: Allow configured number of packets every rate-duration. continuous: Block packets once the rate is reached. |
option | - |
rate-track | Track the packet protocol field. none: none src-ip: Source IP. dest-ip: Destination IP. dhcp-client-mac: DHCP client. dns-domain: DNS domain. |
option | - |
session-ttl | Session TTL (0 = default). | integer | Minimum value: 0 Maximum value: 4294967295 |
shaper | Traffic shaper. | string | Maximum length: 35 |
shaper-reverse | Reverse traffic shaper. | string | Maximum length: 35 |
per-ip-shaper | Per-IP traffic shaper. | string | Maximum length: 35 |
quarantine | Quarantine method. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
quarantine-log | Enable/disable quarantine logging. disable: Disable quarantine logging. enable: Enable quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Parameter name. | string | Maximum length: 31 |
value | Parameter value. | string | Maximum length: 199 |
Parameter Name | Description | Type | Size |
---|---|---|---|
port | Port number. | integer | Minimum value: 0 Maximum value: 65535 |
services | Network protocols. http: HTTP. ssh: SSH. telnet: TELNET. ftp: FTP. dns: DNS. smtp: SMTP. pop3: POP3. imap: IMAP. snmp: SNMP. nntp: NNTP. https: HTTPS. |
option | - |
violation-action | Action for protocols not white listed under selected port. pass: Allow protocols not white listed under selected port. monitor: Monitor protocols not white listed under selected port. block: Block protocols not white listed under selected port. |
option | - |
config application list
Description: Configure application control lists.
edit <name>
set comment {var-string}
set replacemsg-group {string}
set extended-log [enable|disable]
set other-application-action [pass|block]
set app-replacemsg [disable|enable]
set other-application-log [disable|enable]
set enforce-default-app-port [disable|enable]
set force-inclusion-ssl-di-sigs [disable|enable]
set unknown-application-action [pass|block]
set unknown-application-log [disable|enable]
set p2p-black-list {option1}, {option2}, ...
set deep-app-inspection [disable|enable]
set options {option1}, {option2}, ...
config entries
Description: Application list entries.
edit <id>
set risk <level1>, <level2>, ...
set category <id1>, <id2>, ...
set application <id1>, <id2>, ...
set protocols {user}
set vendor {user}
set technology {user}
set behavior {user}
set popularity {option1}, {option2}, ...
config parameters
Description: Application parameters.
edit <id>
config members
Description: Parameter tuple members.
edit <id>
set name {string}
set value {string}
next
end
next
end
set action [pass|block|...]
set log [disable|enable]
set log-packet [disable|enable]
set rate-count {integer}
set rate-duration {integer}
set rate-mode [periodical|continuous]
set rate-track [none|src-ip|...]
set session-ttl {integer}
set shaper {string}
set shaper-reverse {string}
set per-ip-shaper {string}
set quarantine [none|attacker]
set quarantine-expiry {user}
set quarantine-log [disable|enable]
next
end
set control-default-network-services [disable|enable]
config default-network-services
Description: Default network service entries.
edit <id>
set port {integer}
set services {option1}, {option2}, ...
set violation-action [pass|monitor|...]
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
comment | comments | var-string | Maximum length: 255 |
replacemsg-group | Replacement message group. | string | Maximum length: 35 |
extended-log | Enable/disable extended logging. enable: Enable setting. disable: Disable setting. |
option | - |
other-application-action | Action for other applications. pass: Allow sessions matching an application in this application list. block: Block sessions matching an application in this application list. |
option | - |
app-replacemsg | Enable/disable replacement messages for blocked applications. disable: Disable replacement messages for blocked applications. enable: Enable replacement messages for blocked applications. |
option | - |
other-application-log | Enable/disable logging for other applications. disable: Disable logging for other applications. enable: Enable logging for other applications. |
option | - |
enforce-default-app-port | Enable/disable default application port enforcement for allowed applications. disable: Disable default application port enforcement. enable: Enable default application port enforcement. |
option | - |
force-inclusion-ssl-di-sigs | Enable/disable forced inclusion of SSL deep inspection signatures. disable: Disable forced inclusion of signatures which normally require SSL deep inspection. enable: Enable forced inclusion of signatures which normally require SSL deep inspection. |
option | - |
unknown-application-action | Pass or block traffic from unknown applications. pass: Pass or allow unknown applications. block: Drop or block unknown applications. |
option | - |
unknown-application-log | Enable/disable logging for unknown applications. disable: Disable logging for unknown applications. enable: Enable logging for unknown applications. |
option | - |
p2p-black-list | P2P applications to be black listed. skype: Skype. edonkey: Edonkey. bittorrent: Bit torrent. |
option | - |
deep-app-inspection | Enable/disable deep application inspection. disable: Disable deep application inspection. enable: Enable deep application inspection. |
option | - |
options | Basic application protocol signatures allowed by default. allow-dns: Allow DNS. allow-icmp: Allow ICMP. allow-http: Allow generic HTTP web browsing. allow-ssl: Allow generic SSL communication. allow-quic: Allow QUIC. |
option | - |
control-default-network-services | Enable/disable enforcement of protocols over selected ports. disable: Disable protocol enforcement over selected ports. enable: Enable protocol enforcement over selected ports. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
risk <level> |
Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). |
integer | Minimum value: 0 Maximum value: 4294967295 |
category <id> |
Category ID list. Application category ID. |
integer | Minimum value: 0 Maximum value: 4294967295 |
application <id> |
ID of allowed applications. Application IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
protocols | Application protocol filter. | user | Not Specified |
vendor | Application vendor filter. | user | Not Specified |
technology | Application technology filter. | user | Not Specified |
behavior | Application behavior filter. | user | Not Specified |
popularity | Application popularity filter (1 - 5, from least to most popular). 1: Popularity level 1. 2: Popularity level 2. 3: Popularity level 3. 4: Popularity level 4. 5: Popularity level 5. |
option | - |
action | Pass or block traffic, or reset connection for traffic from this application. pass: Pass or allow matching traffic. block: Block or drop matching traffic. reset: Reset sessions for matching traffic. |
option | - |
log | Enable/disable logging for this application list. disable: Disable logging. enable: Enable logging. |
option | - |
log-packet | Enable/disable packet logging. disable: Disable packet logging. enable: Enable packet logging. |
option | - |
rate-count | Count of the rate. | integer | Minimum value: 0 Maximum value: 65535 |
rate-duration | Duration (sec) of the rate. | integer | Minimum value: 1 Maximum value: 65535 |
rate-mode | Rate limit mode. periodical: Allow configured number of packets every rate-duration. continuous: Block packets once the rate is reached. |
option | - |
rate-track | Track the packet protocol field. none: none src-ip: Source IP. dest-ip: Destination IP. dhcp-client-mac: DHCP client. dns-domain: DNS domain. |
option | - |
session-ttl | Session TTL (0 = default). | integer | Minimum value: 0 Maximum value: 4294967295 |
shaper | Traffic shaper. | string | Maximum length: 35 |
shaper-reverse | Reverse traffic shaper. | string | Maximum length: 35 |
per-ip-shaper | Per-IP traffic shaper. | string | Maximum length: 35 |
quarantine | Quarantine method. none: Quarantine is disabled. attacker: Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected. |
option | - |
quarantine-expiry | Duration of quarantine. (Format ###d##h##m, minimum 1m, maximum 364d23h59m, default = 5m). Requires quarantine set to attacker. | user | Not Specified |
quarantine-log | Enable/disable quarantine logging. disable: Disable quarantine logging. enable: Enable quarantine logging. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Parameter name. | string | Maximum length: 31 |
value | Parameter value. | string | Maximum length: 199 |
Parameter Name | Description | Type | Size |
---|---|---|---|
port | Port number. | integer | Minimum value: 0 Maximum value: 65535 |
services | Network protocols. http: HTTP. ssh: SSH. telnet: TELNET. ftp: FTP. dns: DNS. smtp: SMTP. pop3: POP3. imap: IMAP. snmp: SNMP. nntp: NNTP. https: HTTPS. |
option | - |
violation-action | Action for protocols not white listed under selected port. pass: Allow protocols not white listed under selected port. monitor: Monitor protocols not white listed under selected port. block: Block protocols not white listed under selected port. |
option | - |