config application list

Configure application control lists.

config application list

Description: Configure application control lists.

edit <name>

set comment {var-string}

set replacemsg-group {string}

set extended-log [enable|disable]

set other-application-action [pass|block]

set app-replacemsg [disable|enable]

set other-application-log [disable|enable]

set enforce-default-app-port [disable|enable]

set force-inclusion-ssl-di-sigs [disable|enable]

set unknown-application-action [pass|block]

set unknown-application-log [disable|enable]

set p2p-black-list {option1}, {option2}, ...

set deep-app-inspection [disable|enable]

set options {option1}, {option2}, ...

config entries

Description: Application list entries.

edit <id>

set risk <level1>, <level2>, ...

set category <id1>, <id2>, ...

set sub-category <id1>, <id2>, ...

set application <id1>, <id2>, ...

set protocols {user}

set vendor {user}

set technology {user}

set behavior {user}

set popularity {option1}, {option2}, ...

set exclusion <id1>, <id2>, ...

config parameters

Description: Application parameters.

edit <id>

set value {string}

next

end

set action [pass|block|...]

set log [disable|enable]

set log-packet [disable|enable]

set rate-count {integer}

set rate-duration {integer}

set rate-mode [periodical|continuous]

set rate-track [none|src-ip|...]

set session-ttl {integer}

set shaper {string}

set shaper-reverse {string}

set per-ip-shaper {string}

set quarantine [none|attacker]

set quarantine-expiry {user}

set quarantine-log [disable|enable]

next

end

set control-default-network-services [disable|enable]

config default-network-services

Description: Default network service entries.

edit <id>

set port {integer}

set services {option1}, {option2}, ...

set violation-action [pass|monitor|...]

next

end

next

end

config application list

Parameter	Description	Type	Size
comment	comments	var-string	Not Specified
replacemsg-group	Replacement message group.	string	Not Specified
extended-log	Enable/disable extended logging.	option	-
	Option Description enable Enable setting. disable Disable setting.
other-application-action	Action for other applications.	option	-
	Option Description pass Allow sessions matching an application in this application list. block Block sessions matching an application in this application list.
app-replacemsg	Enable/disable replacement messages for blocked applications.	option	-
	Option Description disable Disable replacement messages for blocked applications. enable Enable replacement messages for blocked applications.
other-application-log	Enable/disable logging for other applications.	option	-
	Option Description disable Disable logging for other applications. enable Enable logging for other applications.
enforce-default-app-port	Enable/disable default application port enforcement for allowed applications.	option	-
	Option Description disable Disable default application port enforcement. enable Enable default application port enforcement.
force-inclusion-ssl-di-sigs	Enable/disable forced inclusion of SSL deep inspection signatures.	option	-
	Option Description disable Disable forced inclusion of signatures which normally require SSL deep inspection. enable Enable forced inclusion of signatures which normally require SSL deep inspection.
unknown-application-action	Pass or block traffic from unknown applications.	option	-
	Option Description pass Pass or allow unknown applications. block Drop or block unknown applications.
unknown-application-log	Enable/disable logging for unknown applications.	option	-
	Option Description disable Disable logging for unknown applications. enable Enable logging for unknown applications.
p2p-black-list	P2P applications to be black listed.	option	-
	Option Description skype Skype. edonkey Edonkey. bittorrent Bit torrent.
deep-app-inspection	Enable/disable deep application inspection.	option	-
	Option Description disable Disable deep application inspection. enable Enable deep application inspection.
options	Basic application protocol signatures allowed by default.	option	-
	Option Description allow-dns Allow DNS. allow-icmp Allow ICMP. allow-http Allow generic HTTP web browsing. allow-ssl Allow generic SSL communication. allow-quic Allow QUIC.
control-default-network-services	Enable/disable enforcement of protocols over selected ports.	option	-
	Option Description disable Disable protocol enforcement over selected ports. enable Enable protocol enforcement over selected ports.

config entries

Parameter	Description	Type	Size
risk <level>	Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical). Risk, or impact, of allowing traffic from this application to occur (1 - 5; Low, Elevated, Medium, High, and Critical).	integer	Minimum value: 0 Maximum value: 4294967295
category <id>	Category ID list. Application category ID.	integer	Minimum value: 0 Maximum value: 4294967295
sub-category <id>	Application Sub-category ID list. Application sub-category ID.	integer	Minimum value: 0 Maximum value: 4294967295
application <id>	ID of allowed applications. Application IDs.	integer	Minimum value: 0 Maximum value: 4294967295
protocols	Application protocol filter.	user	Not Specified
vendor	Application vendor filter.	user	Not Specified
technology	Application technology filter.	user	Not Specified
behavior	Application behavior filter.	user	Not Specified
popularity	Application popularity filter .	option	-
	Option Description 1 Popularity level 1. 2 Popularity level 2. 3 Popularity level 3. 4 Popularity level 4. 5 Popularity level 5.
exclusion <id>	ID of excluded applications. Excluded application IDs.	integer	Minimum value: 0 Maximum value: 4294967295
action	Pass or block traffic, or reset connection for traffic from this application.	option	-
	Option Description pass Pass or allow matching traffic. block Block or drop matching traffic. reset Reset sessions for matching traffic.
log	Enable/disable logging for this application list.	option	-
	Option Description disable Disable logging. enable Enable logging.
log-packet	Enable/disable packet logging.	option	-
	Option Description disable Disable packet logging. enable Enable packet logging.
rate-count	Count of the rate.	integer	Minimum value: 0 Maximum value: 65535
rate-duration	Duration (sec) of the rate.	integer	Minimum value: 1 Maximum value: 65535
rate-mode	Rate limit mode.	option	-
	Option Description periodical Allow configured number of packets every rate-duration. continuous Block packets once the rate is reached.
rate-track	Track the packet protocol field.	option	-
	Option Description none none src-ip Source IP. dest-ip Destination IP. dhcp-client-mac DHCP client. dns-domain DNS domain.
session-ttl	Session TTL .	integer	Minimum value: 0 Maximum value: 4294967295
shaper	Traffic shaper.	string	Not Specified
shaper-reverse	Reverse traffic shaper.	string	Not Specified
per-ip-shaper	Per-IP traffic shaper.	string	Not Specified
quarantine	Quarantine method.	option	-
	Option Description none Quarantine is disabled. attacker Block all traffic sent from attacker's IP address. The attacker's IP address is also added to the banned user list. The target's address is not affected.
quarantine-expiry	Duration of quarantine. . Requires quarantine set to attacker.	user	Not Specified
quarantine-log	Enable/disable quarantine logging.	option	-
	Option Description disable Disable quarantine logging. enable Enable quarantine logging.

config parameters

Parameter	Description	Type	Size
value	Parameter value.	string	Not Specified

config default-network-services

Parameter	Description	Type	Size
port	Port number.	integer	Minimum value: 0 Maximum value: 65535
services	Network protocols.	option	-
	Option Description http HTTP. ssh SSH. telnet TELNET. ftp FTP. dns DNS. smtp SMTP. pop3 POP3. imap IMAP. snmp SNMP. nntp NNTP. https HTTPS.
violation-action	Action for protocols not white listed under selected port.	option	-
	Option Description pass Allow protocols not white listed under selected port. monitor Monitor protocols not white listed under selected port. block Block protocols not white listed under selected port.