App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic Using Custom Dictionary
Description
This scenario shows how to match traffic using a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.1 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id custom -1 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.577 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.577/0.577/0.577/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 http-host:webserver.comShow output
Feb 12 16:28:21.214091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=39727 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com] Feb 12 16:28:21.214138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=39728 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com] Feb 12 16:28:21.218094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=39729 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 ssl-host:webserver.comShow output
Feb 12 16:28:21.214091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=39727 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com] Feb 12 16:28:21.214138 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=39728 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com] Feb 12 16:28:21.218094 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=39729 DF PROTO=TCP SPT=80 DPT=40214 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com] Feb 12 16:28:21.429482 osdx OSDxCLI[2311]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'. Feb 12 16:28:21.706100 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52017 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.756109 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=52018 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.757397 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52020 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.757587 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=52021 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.757621 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=52022 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.758089 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=52023 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.758103 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=52024 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Feb 12 16:28:21.766093 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52025 DF PROTO=TCP SPT=443 DPT=58728 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Match Traffic Using Provider Dictionary
Description
This scenario shows how to match traffic using a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml' set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id engine 128 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.209 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.209/0.209/0.209/0.000 ms
Note
The file webserver_dict.xml contains
a XML dictionary with the following content:
Show output
<?xml version="1.0" encoding="UTF-8"?> <proxy_settings updated="10/12/25" version="2"> <provider engine_id="128" name="Teldat"> <app id="1" name="Web Server Test 1" version="1"> <fqdn_list> <fqdn>webserver.com</fqdn> </fqdn_list> </app> <app id="2" name="Web Server Test 2" version="1"> <address_list> <range id="1"> <net_address>10.215.168.1</net_address> <net_mask>255.255.255.0</net_mask> </range> </address_list> </app> </provider> </proxy_settings>
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 http-host:webserver.comShow output
Feb 12 16:28:29.935779 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=54431 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com] Feb 12 16:28:29.935860 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=54432 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com] Feb 12 16:28:29.937397 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=54433 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 ssl-host:webserver.comShow output
Feb 12 16:28:29.935779 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=54431 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com] Feb 12 16:28:29.935860 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=54432 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com] Feb 12 16:28:29.937397 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=54433 DF PROTO=TCP SPT=80 DPT=41696 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com] Feb 12 16:28:30.116104 osdx OSDxCLI[2311]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'. Feb 12 16:28:30.375029 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=26696 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.379022 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=26697 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.383062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=26699 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.383089 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=26700 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.383101 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=26701 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.383111 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=26702 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Feb 12 16:28:30.383123 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=26703 DF PROTO=TCP SPT=443 DPT=58738 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Match Traffic Using Remote Dictionary
Description
This scenario shows how to match traffic using a remote dictionary with category and reputation selectors.
Phase 1: Override mode - match by category
Phase 2: Override mode - match by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - match by category
Phase 4: Chained mode - match by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+MqnnAPlllAj2hjlmYl4mXK7yhC4HgeXw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19h3I4xegDuZx2PJoz+HKWbPagIlK/To4Vl1E0X3Qn5P1m4VwDp/3Md set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id category 7 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.238 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.238/0.238/0.238/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.comShow output
Feb 12 16:28:40.650210 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33059 DF PROTO=TCP SPT=80 DPT=50612 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:28:40.650255 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33060 DF PROTO=TCP SPT=80 DPT=50612 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:28:40.654211 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33061 DF PROTO=TCP SPT=80 DPT=50612 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19etlE5A1MeVMKoGfAmmSghpIXZGuENX10= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+dXSn2ch5UQ6kjjre8lnTgT/nGSZJwBtjTNB4qZZdOW3k8nCRvgvB1 set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.732 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.732/0.732/0.732/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Feb 12 16:28:48.403155 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=36826 DF PROTO=TCP SPT=80 DPT=55648 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:48.403216 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=36827 DF PROTO=TCP SPT=80 DPT=55648 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:48.406207 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=36828 DF PROTO=TCP SPT=80 DPT=55648 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Feb 12 16:28:52.258721 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=13210 DF PROTO=TCP SPT=80 DPT=55668 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:52.258770 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=13211 DF PROTO=TCP SPT=80 DPT=55668 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:52.258850 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=13212 DF PROTO=TCP SPT=80 DPT=55668 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Feb 12 16:28:55.786276 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46182 DF PROTO=TCP SPT=80 DPT=44312 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:55.786326 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46183 DF PROTO=TCP SPT=80 DPT=44312 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:28:55.790210 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46184 DF PROTO=TCP SPT=80 DPT=44312 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+a8oE6g5EdhVKPhKOB51pzwP335Y3lKfw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+Gl5+rni/LAYnGURwbn7P7dUE0z9lRbFJ7674LIEMtgFNuPU3X63OU set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+sVPZqbLvlXhsf5E1bdEQdKsbF9TnimvU= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18WKXX7yttVeOXKDTfKGSGfUZmNtx+WU1ArW32ftN9CkLnDbjyFDCQF set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id category 7 set traffic selector SEL rule 1 app-detect state detected
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.385 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.385/0.385/0.385/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:29:04.322218 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10301 DF PROTO=TCP SPT=80 DPT=51332 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:29:04.322255 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10302 DF PROTO=TCP SPT=80 DPT=51332 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:29:04.326268 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10303 DF PROTO=TCP SPT=80 DPT=51332 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 40: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/Ntc9p9yCe3JHaex6FkJapyDCTb+s6hT4= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+8MVNAqCOMXySqg3TY1Iz2HE8rXyM4FxDMatF1miCCaEmlPVCACsqv set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/V/qBwOu3zjvUvksu0FagncQBpELW8PD0= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18QFvap17Pvrdw6Dqt5YqJ9T1/ojhGSiNssc4rYQRMwa9/ccxe1fL8W set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.223 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.223/0.223/0.223/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:29:12.986217 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32386 DF PROTO=TCP SPT=80 DPT=56008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:29:12.986273 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32387 DF PROTO=TCP SPT=80 DPT=56008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:29:12.990216 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32388 DF PROTO=TCP SPT=80 DPT=56008 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:29:16.606220 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=788 DF PROTO=TCP SPT=80 DPT=56020 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:29:16.606291 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=789 DF PROTO=TCP SPT=80 DPT=56020 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:29:16.610214 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=790 DF PROTO=TCP SPT=80 DPT=56020 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:29:20.171782 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27596 DF PROTO=TCP SPT=80 DPT=56042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:29:20.171842 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27597 DF PROTO=TCP SPT=80 DPT=56042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:29:20.174209 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27598 DF PROTO=TCP SPT=80 DPT=56042 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Drop Traffic Not Maching Custom Dictionary
Description
This scenario shows how to drop traffic not matching a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.2 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id custom -1
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.243 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.243/0.243/0.243/0.000 ms
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROPShow output
Feb 12 16:29:28.156623 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=23038 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.156703 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23039 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.356717 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23040 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.364494 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23041 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.560675 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23042 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.572496 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23043 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.964697 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23044 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:28.980500 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23045 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:29.796661 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23046 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:29.813679 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23047 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:31.428690 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23048 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:31.444492 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23049 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:34.705488 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23050 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:34.724717 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23051 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:41.361237 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23052 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:41.380742 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23053 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:48.104501 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=23054 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROPShow output
Feb 12 16:29:48.512505 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40712 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:48.516494 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=40713 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:48.528509 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=40715 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:48.712717 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40716 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:48.728917 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=40717 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:48.916724 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40718 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:49.136902 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=40719 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:49.348671 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40720 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:49.968897 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=40721 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:50.180731 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40722 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:51.604828 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=40723 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:51.812707 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40724 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:54.416719 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23055 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:54.440503 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23056 DF PROTO=TCP SPT=80 DPT=36974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:29:54.932694 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=40725 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:55.204713 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40726 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:29:58.504494 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40727 DF PROTO=TCP SPT=443 DPT=50546 WINDOW=506 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Maching Provider Dictionary
Description
This scenario shows how to drop traffic not matching a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml' set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.315 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.315/0.315/0.315/0.000 ms
Note
The file webserver_dict.xml contains
a XML dictionary with the following content:
Show output
<?xml version="1.0" encoding="UTF-8"?> <proxy_settings updated="10/12/25" version="2"> <provider engine_id="128" name="Teldat"> <app id="1" name="Web Server Test 1" version="1"> <fqdn_list> <fqdn>webserver.com</fqdn> </fqdn_list> </app> <app id="2" name="Web Server Test 2" version="1"> <address_list> <range id="1"> <net_address>10.215.168.1</net_address> <net_mask>255.255.255.0</net_mask> </range> </address_list> </app> </provider> </proxy_settings>
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROPShow output
Feb 12 16:30:06.286065 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=20410 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:06.286122 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20411 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:06.485812 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20412 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:06.486171 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20413 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:06.689817 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20414 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:06.690139 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20415 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:07.094268 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20416 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:07.105745 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20417 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:07.926248 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20418 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:07.937702 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20419 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:09.558283 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20420 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:09.569683 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20421 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:12.869644 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20422 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:12.886290 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20423 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:19.521313 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20424 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:19.546068 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20425 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:26.254068 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=20426 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROPShow output
Feb 12 16:30:26.686072 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18455 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:26.690244 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=18456 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:26.698092 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=18458 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:26.886263 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18459 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:26.901060 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18460 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:27.090267 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18461 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:27.329007 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18462 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:27.510282 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18463 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:28.161002 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18464 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:28.342243 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18465 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:29.792915 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18466 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:29.974309 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18467 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:32.580827 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20427 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:32.598225 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=20428 DF PROTO=TCP SPT=80 DPT=46438 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Feb 12 16:30:33.088792 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=18468 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:33.366280 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18469 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Feb 12 16:30:36.680608 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18470 DF PROTO=TCP SPT=443 DPT=58522 WINDOW=506 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Matching Remote Dictionary
Description
This scenario shows how to drop traffic not matching a remote dictionary category or reputation.
Phase 1: Override mode - drop by not matching category
Phase 2: Override mode - drop by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - drop by not matching category
Phase 4: Chained mode - drop by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+WDdfmshD3JrPYsPqFb5EVG3Xdi+62/js= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/H7U/3aeuDwn9KxLzCzbX/aiwJ1XJfmX6GlTdlWaQTCsroK735o1j1 set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id category 15
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.233 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.233/0.233/0.233/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.com DROPShow output
Feb 12 16:31:08.054451 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10318 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.054497 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10319 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.254629 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10320 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.255769 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10321 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.458693 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10322 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.459770 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10323 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.870701 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10324 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:08.883768 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10325 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:09.702662 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10326 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:09.711799 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10327 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:11.334668 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10328 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:11.343738 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10329 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:11.983713 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29918 DF PROTO=TCP SPT=80 DPT=43806 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] Feb 12 16:31:12.006603 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29919 DF PROTO=TCP SPT=80 DPT=43806 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] Feb 12 16:31:14.566599 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10330 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:14.799584 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10331 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:21.222682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10332 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:21.455361 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10333 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Feb 12 16:31:28.074659 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10334 DF PROTO=TCP SPT=80 DPT=51202 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+6KG/fOQaDpUTFnCCPeLRGqi/AkGSfOts= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+W3m9xm6phrohIqvMaLUGvak+OnB8Gi4k8cV4d6xuTxEFV7aHsDR1J set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.242 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Feb 12 16:31:36.698472 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51784 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:36.698549 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51785 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:36.902459 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51786 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:36.902543 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51787 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:37.102672 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51788 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:37.106675 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51789 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:37.510689 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51790 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:37.518727 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51791 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:38.342651 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51792 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:38.350658 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51793 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:39.974615 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51794 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:39.982565 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51795 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:43.218545 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51796 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:43.238687 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51797 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:49.870304 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51798 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:49.894604 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51799 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:31:56.706458 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51800 DF PROTO=TCP SPT=80 DPT=56018 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Feb 12 16:32:20.282441 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22055 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:20.282479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22056 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:20.481083 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22057 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:20.482514 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22058 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:20.686912 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22059 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:20.689149 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22060 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:21.094618 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22061 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:21.101016 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22062 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:21.926649 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22063 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:21.932985 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22064 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:23.558636 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22065 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:23.564880 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22066 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:24.172965 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=24734 DF PROTO=TCP SPT=80 DPT=38978 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:24.198611 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=24735 DF PROTO=TCP SPT=80 DPT=38978 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:26.988843 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22067 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:27.014607 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22068 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:33.648606 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=22069 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:33.670603 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=22070 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:32:40.294463 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=22071 DF PROTO=TCP SPT=80 DPT=49520 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Feb 12 16:33:03.786449 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33186 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:03.786494 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33187 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:03.986652 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33188 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:03.994450 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33189 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:04.190622 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33190 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:04.202455 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33191 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:04.614624 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33192 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:04.626455 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33193 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:05.446622 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33194 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:05.454450 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33195 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:07.082455 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33196 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:07.090447 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33197 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:07.695322 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51175 DF PROTO=TCP SPT=80 DPT=59070 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:07.718664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51176 DF PROTO=TCP SPT=80 DPT=59070 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:10.511217 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33198 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:10.534590 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33199 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:17.162948 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=33200 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:17.190622 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=33201 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:23.794451 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33202 DF PROTO=TCP SPT=80 DPT=45798 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19FYuOrR8JMXIzi44cn0IYF+fmMeLzk4dQ= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX194DTi0/AUQ3OP88lv3ih9ZcWJgyImnbyH+ZRrILpzTuZ1FOW31MhG5 set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18HlKlvTXQ2DTsi32DW1lBwNJf2onI5RKo= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/+w6h0d9F4NHLZopvvjc6eomWMaWzCrVFc8Vo4GaU6M56zTV45dUXw set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id category 15
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.279 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.279/0.279/0.279/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:33:52.630462 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64968 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:52.630517 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64969 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:52.830459 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64970 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:52.830604 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64971 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:53.033584 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64972 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:53.034547 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64973 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:53.446665 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64974 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:53.453486 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64975 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:54.278646 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64976 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:54.285482 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64977 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:55.910613 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64978 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:55.917380 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64979 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:56.589436 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=44522 DF PROTO=TCP SPT=80 DPT=46818 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:33:56.614622 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=44523 DF PROTO=TCP SPT=80 DPT=46818 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:33:59.149344 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64980 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:33:59.174622 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64981 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:05.801069 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64982 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:05.830591 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64983 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:12.644028 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64984 DF PROTO=TCP SPT=80 DPT=40256 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 40: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19+DyaUP9vysnQMAvzweu8SZmZNEJVC+Wo= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18klPYo1Z7I6RwrlSNdqI+KN+0mEOltP53ADtm/ANkN77Ik1TjgIDNO set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1/Z+Z1nPYCj3xVNmACI94LBi0lYGfSFAiY= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+cGxo7NITg+GlKu+Unrpx7lb2/OZls6b0iC9ITL4e1Kh0QvCy8RQO+ set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.290 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.290/0.290/0.290/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:34:22.246454 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16205 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:22.246510 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16206 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:22.444444 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16207 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:22.446531 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16208 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:22.650618 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16209 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:22.652366 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16210 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:23.078640 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16211 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:23.080330 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16212 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:23.910635 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16213 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:23.916370 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16214 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:25.542637 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16215 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:25.544240 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16216 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:28.840246 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16217 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:28.870667 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16218 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:35.495999 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16219 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:35.526647 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16220 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Feb 12 16:34:42.210445 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16221 DF PROTO=TCP SPT=80 DPT=45896 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:35:05.806460 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=26057 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:05.806516 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26058 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.006643 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26059 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.006736 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26060 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.210675 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26061 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.210774 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26062 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.630682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26063 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:06.630784 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26064 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:07.462643 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26065 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:07.466664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26066 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:09.094681 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26067 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:09.098619 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26068 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:09.798643 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=41958 DF PROTO=TCP SPT=80 DPT=32798 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:09.830723 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=41959 DF PROTO=TCP SPT=80 DPT=32798 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:12.358544 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26069 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:12.390674 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26070 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:19.014305 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26071 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:19.046609 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26072 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:25.826459 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=26073 DF PROTO=TCP SPT=80 DPT=34436 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Feb 12 16:35:49.646461 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64376 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:49.646531 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64377 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:49.846644 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64378 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:49.849043 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64379 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:50.050653 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64380 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:50.057065 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64381 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:50.470660 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64382 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:50.473041 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64383 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:51.302627 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64384 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:51.304981 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64385 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:52.934668 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64386 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:52.936972 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64387 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:53.577020 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=57559 DF PROTO=TCP SPT=80 DPT=35746 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:53.606684 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=57560 DF PROTO=TCP SPT=80 DPT=35746 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:56.166632 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64388 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:35:56.388906 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64389 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:36:02.822638 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=64390 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:36:03.044611 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64391 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Feb 12 16:36:09.626889 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:52:8e:c4:04:34:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64392 DF PROTO=TCP SPT=80 DPT=58754 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]