App Id

The following scenarios show how to filter packets based on app-id using traffic selectors.


Match Traffic Using Custom Dictionary

Description

This scenario shows how to match traffic using a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id custom -1
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.180 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.180/0.180/0.180/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U6:1 http-host:webserver.com
Output:
Feb 19 14:19:47.089985 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10892 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Feb 19 14:19:47.090049 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10893 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Feb 19 14:19:47.090062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10894 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]

Step 6: Run command system journal clear at DUT0.

Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U6:1 ssl-host:webserver.com
Output:
Feb 19 14:19:47.089985 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10892 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Feb 19 14:19:47.090049 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10893 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Feb 19 14:19:47.090062 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10894 DF PROTO=TCP SPT=80 DPT=49674 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Feb 19 14:19:47.294036 osdx OSDxCLI[3074]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
Feb 19 14:19:47.550026 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40083 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.554003 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=40084 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.557991 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=40086 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.558047 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=40087 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.558061 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=40088 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.558079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=40089 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Feb 19 14:19:47.561980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40090 DF PROTO=TCP SPT=443 DPT=47056 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]

Match Traffic Using Provider Dictionary

Description

This scenario shows how to match traffic using a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id engine 128
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.203 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.203/0.203/0.203/0.000 ms

Note

The file webserver_dict.xml contains an XML dictionary with the following content:

<?xml version="1.0" encoding="UTF-8"?>
    <proxy_settings updated="10/12/25" version="2">
        <provider engine_id="128" name="Teldat">
            <app id="1" name="Web Server Test 1" version="1">
                <fqdn_list>
                    <fqdn>webserver.com</fqdn>
                </fqdn_list>
            </app>
            <app id="2" name="Web Server Test 2" version="1">
                <address_list>
                    <range id="1">
                        <net_address>10.215.168.1</net_address>
                        <net_mask>255.255.255.0</net_mask>
                    </range>
                </address_list>
            </app>
        </provider>
    </proxy_settings>

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U128:1 http-host:webserver.com
Output:
Feb 19 14:19:57.304517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56713 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Feb 19 14:19:57.304574 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56714 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Feb 19 14:19:57.304585 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56715 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]

Step 6: Run command system journal clear at DUT0.

Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U128:1 ssl-host:webserver.com
Output:
Feb 19 14:19:57.304517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56713 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Feb 19 14:19:57.304574 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56714 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Feb 19 14:19:57.304585 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56715 DF PROTO=TCP SPT=80 DPT=54906 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Feb 19 14:19:57.482004 osdx OSDxCLI[3074]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
Feb 19 14:19:57.720526 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33098 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.725006 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=33099 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.725063 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=33101 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.725075 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=33102 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.725083 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=33103 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.725091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=33104 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Feb 19 14:19:57.728518 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=33105 DF PROTO=TCP SPT=443 DPT=44792 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]

Match Traffic Using Remote Dictionary

Description

This scenario shows how to match traffic using a remote dictionary with category and reputation selectors.

Phase 1: Override mode - match by category

Phase 2: Override mode - match by reputation (greater-than, equal, less-than)

Phase 3: Chained mode - match by category

Phase 4: Chained mode - match by reputation (greater-than, equal, less-than)

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18ty8at6AKVr/Em8SnkK9PNJqquFgD5Guw=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/+a5nBrVx6SMjsxB8emF6os9n1j8F+UDZT63kO57lKrAYliUr4/ME2
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.259 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.259/0.259/0.259/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 5: Run command system journal clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U130:7 http-host:enterprise.opentok.com
Output:
Feb 19 14:20:10.799488 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24176 DF PROTO=TCP SPT=80 DPT=52612 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:20:10.799543 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=24177 DF PROTO=TCP SPT=80 DPT=52612 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:20:10.799554 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=24178 DF PROTO=TCP SPT=80 DPT=52612 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]

Step 8: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 9: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 10: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 11: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+2IEUMnsg7SUl5ZDs9q6pype6mOVFtOjc=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/9GTqPC5VLnaWtSpaCufNJwUtZlkuP/YS0XVaPKvS0CsaIixkUmPaY
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 12: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.250 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.250/0.250/0.250/0.000 ms

Step 13: Run command system journal clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 15: Run command system journal clear at DUT0.

Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Feb 19 14:20:19.175486 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46261 DF PROTO=TCP SPT=80 DPT=57990 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:19.175533 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46262 DF PROTO=TCP SPT=80 DPT=57990 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:19.175543 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46263 DF PROTO=TCP SPT=80 DPT=57990 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 18: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 19: Run command system journal clear at DUT0.

Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 21: Run command system journal clear at DUT0.

Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Feb 19 14:20:22.699495 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=44876 DF PROTO=TCP SPT=80 DPT=58002 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:22.699551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=44877 DF PROTO=TCP SPT=80 DPT=58002 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:22.699561 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=44878 DF PROTO=TCP SPT=80 DPT=58002 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 24: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 25: Run command system journal clear at DUT0.

Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 27: Run command system journal clear at DUT0.

Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Feb 19 14:20:26.295489 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49092 DF PROTO=TCP SPT=80 DPT=51996 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:26.295552 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=49093 DF PROTO=TCP SPT=80 DPT=51996 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:26.299487 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=49094 DF PROTO=TCP SPT=80 DPT=51996 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 30: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 31: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 32: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 33: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/pZhKWmDnM3NG9rORCGb3ImFrz+52S014=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+Vx1Z9fFXlMBlyGt48bNTvoLfKPZ+OCbSPXN+yGUJcc/hV7OrQVHa3
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18lM1JPg+3w2VhjXp5L5u8donKz4o+BW80=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18w9v+PxsmS+i0Q64340EHFTuPBbYVH7cmBpRfRI3QbKDuAbakOlwhN
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected

Step 34: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.199 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.199/0.199/0.199/0.000 ms

Step 35: Run command system journal clear at DUT0.

Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 37: Run command system journal clear at DUT0.

Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:20:34.619492 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28659 DF PROTO=TCP SPT=80 DPT=44792 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:34.619550 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28660 DF PROTO=TCP SPT=80 DPT=44792 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:34.619565 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28661 DF PROTO=TCP SPT=80 DPT=44792 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 40: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 41: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 42: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 43: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19HEkPE3fpPqtL2IKchoDKyw+2BQK4Nlnk=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+5+KrkfVrYJakI2HffLiskslj/kf3wDnBa427uYdC1h4OCy6Sf2PVm
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18OevkimYU17k2OAgdBsJbv4kR3A5hFoNI=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+pblfwI3BCNAzFfQRhsAsqjsdThS+o38WUNJX55zNy+kiVurG67quf
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 44: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.221 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.221/0.221/0.221/0.000 ms

Step 45: Run command system journal clear at DUT0.

Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 47: Run command system journal clear at DUT0.

Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:20:43.236809 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3962 DF PROTO=TCP SPT=80 DPT=44814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:43.236867 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=3963 DF PROTO=TCP SPT=80 DPT=44814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:43.239498 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3964 DF PROTO=TCP SPT=80 DPT=44814 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 50: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 51: Run command system journal clear at DUT0.

Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 53: Run command system journal clear at DUT0.

Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:20:46.787498 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=17045 DF PROTO=TCP SPT=80 DPT=38466 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:46.787556 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=17046 DF PROTO=TCP SPT=80 DPT=38466 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:46.787572 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=17047 DF PROTO=TCP SPT=80 DPT=38466 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]

Step 56: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 57: Run command system journal clear at DUT0.

Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 59: Run command system journal clear at DUT0.

Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Show output
Feb 19 14:20:50.307517 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56482 DF PROTO=TCP SPT=80 DPT=38480 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:50.307565 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56483 DF PROTO=TCP SPT=80 DPT=38480 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:50.307575 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56484 DF PROTO=TCP SPT=80 DPT=38480 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
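Added example, not part of the original page or of the device's tooling: the regular expression in Steps 55 and 61 accepts the two adjacent orderings of `U130:7` and `U131:88`, while the logged order of app-ids changes between runs. This Python sketch parses the `APPDETECT[...]` field into a set and compares sets, so any ordering passes. The journal lines are shortened copies of the output above, plus one constructed line with an interleaved ordering that does not appear on this page.

```python
import re
from typing import FrozenSet, List, NamedTuple, Optional, Set, Tuple

AppId = Tuple[str, int]  # e.g. ("U131", 88), as logged in APPDETECT[...]


class AppDetect(NamedTuple):
    policy: str                # "POL" in "[POL-1]"
    rule: int                  # 1 in "[POL-1]"
    action: str                # ACCEPT or DROP
    ids: FrozenSet[AppId]      # order-independent set of app-ids
    host_kind: Optional[str]   # "http-host" or "ssl-host"
    host: Optional[str]


LINE_RE = re.compile(
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\]\s+(?P<action>[A-Z]+)\s"
    r".*?APPDETECT\[(?P<ids>[^\s\]]+)"
    r"(?:\s+(?P<kind>[a-z-]+):(?P<host>[^\s\]]+))?\]"
)
ID_RE = re.compile(r"([A-Z]+\d+):(\d+)")

# The expression from Steps 55 and 61, kept verbatim for comparison.
PAGE_REGEX = re.compile(
    r".*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com"
)

# Constructed sample. Lines 1, 2 and 4 are shortened from output on this page
# (MAC and most netfilter fields removed). Line 3 is constructed: an
# interleaved ordering that is not shown on this page.
SAMPLE_JOURNAL = """\
Feb 19 14:20:43.236809 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=44814 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:20:46.787498 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38466 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:47.000000 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=38470 APPDETECT[U131:88;L3:6;U130:7;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:20:58.410040 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=46102 APPDETECT[L4:80 http-host:newserver.com]
"""


def parse_line(line: str) -> Optional[AppDetect]:
    """Parse one journal line; return None if it carries no valid APPDETECT field."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ids: Set[AppId] = set()
    for token in m.group("ids").split(";"):
        t = ID_RE.fullmatch(token)
        if t is None:          # malformed app-id token: reject the whole line
            return None
        ids.add((t.group(1), int(t.group(2))))
    return AppDetect(m.group("policy"), int(m.group("rule")), m.group("action"),
                     frozenset(ids), m.group("kind"), m.group("host"))


def parse_journal(text: str) -> List[AppDetect]:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def find_matches(text: str, action: str, required: Set[AppId],
                 host: Optional[str] = None) -> List[AppDetect]:
    """Records with the given action whose app-id set contains every required id."""
    return [r for r in parse_journal(text)
            if r.action == action and required <= r.ids
            and (host is None or r.host == host)]


def page_regex_hits(text: str) -> int:
    """Number of lines accepted by the page's own regular expression."""
    return sum(1 for line in text.splitlines() if PAGE_REGEX.search(line))


if __name__ == "__main__":
    wanted = {("U130", 7), ("U131", 88)}
    hits = find_matches(SAMPLE_JOURNAL, "ACCEPT", wanted, "enterprise.opentok.com")
    print("set-based matches:", len(hits))
    print("page regex matches:", page_regex_hits(SAMPLE_JOURNAL))
```

Comparing whole `(engine, value)` pairs also avoids prefix matches such as `U130:7` inside `U130:70`, which a bare substring search would accept.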

Drop Traffic Not Matching Custom Dictionary

Description

This scenario shows how to drop traffic not matching a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.2
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id custom -1

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.222 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.222/0.222/0.222/0.000 ms

Step 3: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:80 http-host:newserver.com
DROP
Show output
Feb 19 14:20:58.410040 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40556 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:58.410081 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40557 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:58.609175 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40558 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:58.610122 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40559 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:58.813198 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40560 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:58.814158 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40561 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:59.221242 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40562 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:20:59.238264 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40563 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:00.053183 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40564 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:00.070203 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40565 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:01.685121 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40566 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:01.702251 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40567 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:04.966271 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40568 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:05.045010 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40569 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:11.622221 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40570 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:11.696766 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40571 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:18.390046 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40572 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]

Step 6: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:443 ssl-host:newserver.com
DROP
Show output
Feb 19 14:21:18.862045 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58358 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:18.866056 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=58359 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:18.870049 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=58361 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:19.062204 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58362 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:19.072480 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=58363 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:19.266231 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58364 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:19.504516 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=58365 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:19.686235 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58366 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:20.340492 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=58367 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:20.518259 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58368 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:21.968445 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=58369 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:22.150254 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58370 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:24.678232 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40573 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:24.752330 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40574 DF PROTO=TCP SPT=80 DPT=46102 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:25.264335 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=58371 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:25.446250 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58372 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:28.856756 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58373 DF PROTO=TCP SPT=443 DPT=58998 WINDOW=506 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]

Drop Traffic Not Matching Provider Dictionary

Description

This scenario shows how to drop traffic not matching a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.738 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.738/0.738/0.738/0.000 ms

Note

The file webserver_dict.xml contains an XML dictionary with the following content:

Show output
<?xml version="1.0" encoding="UTF-8"?>
    <proxy_settings updated="10/12/25" version="2">
        <provider engine_id="128" name="Teldat">
            <app id="1" name="Web Server Test 1" version="1">
                <fqdn_list>
                    <fqdn>webserver.com</fqdn>
                </fqdn_list>
            </app>
            <app id="2" name="Web Server Test 2" version="1">
                <address_list>
                    <range id="1">
                        <net_address>10.215.168.1</net_address>
                        <net_mask>255.255.255.0</net_mask>
                    </range>
                </address_list>
            </app>
        </provider>
    </proxy_settings>
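Added example, not part of the original page or of the device's tooling: a pre-load review of a provider dictionary in the layout shown above. It lists what each app matches and flags entries whose `net_address` has host bits set under its `net_mask`. Element and attribute names are taken from the sample; how the device combines `net_address` with `net_mask` is not stated on this page, so the masked range it reports is an assumption for the reviewer to confirm.

```python
import ipaddress
import xml.etree.ElementTree as ET
from typing import Dict, List

# The dictionary from the note above, re-indented and embedded so the check
# runs offline.
DICT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
  <provider engine_id="128" name="Teldat">
    <app id="1" name="Web Server Test 1" version="1">
      <fqdn_list><fqdn>webserver.com</fqdn></fqdn_list>
    </app>
    <app id="2" name="Web Server Test 2" version="1">
      <address_list>
        <range id="1">
          <net_address>10.215.168.1</net_address>
          <net_mask>255.255.255.0</net_mask>
        </range>
      </address_list>
    </app>
  </provider>
</proxy_settings>
"""


def load_apps(xml_bytes: bytes) -> List[Dict]:
    """Flatten provider/app entries into dicts: engine, app_id, name, fqdns, ranges."""
    root = ET.fromstring(xml_bytes)
    apps = []
    for provider in root.iter("provider"):
        engine = int(provider.get("engine_id"))
        for app in provider.iter("app"):
            ranges = [(r.findtext("net_address", "").strip(),
                       r.findtext("net_mask", "").strip())
                      for r in app.iter("range")]
            apps.append({
                "engine": engine,
                "app_id": int(app.get("id")),
                "name": app.get("name"),
                "fqdns": [f.text.strip().lower() for f in app.iter("fqdn") if f.text],
                "ranges": ranges,
            })
    return apps


def lint(apps: List[Dict]) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings, seen = [], set()
    for app in apps:
        tag = f"engine {app['engine']} app {app['app_id']}"
        key = (app["engine"], app["app_id"])
        if key in seen:
            findings.append(f"{tag}: duplicate app id within the provider")
        seen.add(key)
        if not app["fqdns"] and not app["ranges"]:
            findings.append(f"{tag}: no fqdn or address range, entry can never match")
        for addr, mask in app["ranges"]:
            try:
                net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            except ValueError as exc:
                findings.append(f"{tag}: invalid range {addr}/{mask} ({exc})")
                continue
            if str(net.network_address) != addr:
                # Assumption: if the device masks the address, the entry
                # covers the whole network, not only the listed host.
                findings.append(
                    f"{tag}: {addr} has host bits set under {mask}; "
                    f"masked range is {net} ({net.num_addresses} addresses)")
    return findings


if __name__ == "__main__":
    for finding in lint(load_apps(DICT_XML)):
        print(finding)
```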

Step 3: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:80 http-host:newserver.com
DROP
Show output
Feb 19 14:21:36.404364 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32791 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:36.404432 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32792 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:36.604540 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32793 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:36.612357 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32794 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:36.808603 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32795 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:36.816365 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32796 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:37.224559 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32797 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:37.240352 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32798 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:38.056577 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32799 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:38.068446 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32800 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:39.688536 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32801 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:39.700355 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32802 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:43.080571 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32803 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:43.154081 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32804 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:49.736578 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32805 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:49.813803 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32806 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:21:56.368369 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32807 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]

Step 6: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:443 ssl-host:newserver.com
DROP
Show output
Feb 19 14:21:56.864370 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32305 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:56.868368 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=32306 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:56.876412 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=32308 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:57.064570 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32309 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:57.081562 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=32310 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:57.268545 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32311 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:57.489568 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=32312 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:57.672553 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32313 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:58.321536 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=32314 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:58.504551 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32315 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:21:59.957477 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=32316 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:22:00.136565 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32317 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:22:02.792574 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32808 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:22:02.869454 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32809 DF PROTO=TCP SPT=80 DPT=37056 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Feb 19 14:22:03.377403 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=32318 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:22:03.560558 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32319 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Feb 19 14:22:06.860407 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32320 DF PROTO=TCP SPT=443 DPT=57354 WINDOW=506 RES=0x00 ACK FIN URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]

Drop Traffic Not Matching Remote Dictionary

Description

This scenario shows how to drop traffic not matching a remote dictionary category or reputation.

Phase 1: Override mode - drop by not matching category

Phase 2: Override mode - drop by reputation (greater-than, equal, less-than)

Phase 3: Chained mode - drop by not matching category

Phase 4: Chained mode - drop by reputation (greater-than, equal, less-than)

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18UwcMEtYT7jCadM6ckV/M0iZEuwgtDN/4=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/DexwBYKPu7gfgF/SgeiNDA4arXRnn8rFJkrIwBL30mIqW9SqaI+lD
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.214 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.214/0.214/0.214/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 5: Run command system journal clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U130:7 http-host:enterprise.opentok.com
DROP
Show output
Feb 19 14:22:38.317470 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=6423 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:38.317517 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6424 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:38.517513 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6425 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:38.517619 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6426 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:38.721335 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6427 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:38.725472 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6428 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:39.125671 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6429 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:39.133474 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6430 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:39.957685 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6431 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:39.965471 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6432 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:41.589696 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6433 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:41.597477 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6434 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:42.325659 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=32585 DF PROTO=TCP SPT=80 DPT=44308 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com]
Feb 19 14:22:42.397208 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32586 DF PROTO=TCP SPT=80 DPT=44308 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com]
Feb 19 14:22:44.885655 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6435 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:44.961120 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6436 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:51.541712 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=6437 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:51.612917 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=6438 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Feb 19 14:22:58.305489 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=6439 DF PROTO=TCP SPT=80 DPT=48310 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]

Step 8: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 9: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 10: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 11: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX198gSv8XT28csFxvQzaGwQHkAhgVmNSlog=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18m7SRWlBaSFcJug3ZGrjwM7EwUt/xcL1tXCASX8kXyGnVBcicoYUDa
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 12: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.221 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.221/0.221/0.221/0.000 ms

Step 13: Run command system journal clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 15: Run command system journal clear at DUT0.

Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Feb 19 14:23:07.193513 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21364 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:07.193596 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21365 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:07.397655 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21366 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:07.400288 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21367 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:07.604357 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21368 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:07.605593 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21369 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:08.021665 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21370 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:08.028369 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21371 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:08.853675 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21372 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:08.864315 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21373 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:10.492272 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21374 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:10.517655 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21375 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:13.813686 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21376 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:13.888169 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21377 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:20.469681 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21378 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:20.543918 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21379 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:27.161479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21380 DF PROTO=TCP SPT=80 DPT=38336 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 18: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 19: Run command system journal clear at DUT0.

Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 21: Run command system journal clear at DUT0.

Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Feb 19 14:23:50.905478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56116 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:50.905533 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56117 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.105659 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56118 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.109476 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56119 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.309678 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56120 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.313477 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56121 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.733682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56122 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:51.745472 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56123 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:52.565684 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56124 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:52.577483 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56125 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:54.197706 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56126 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:54.205472 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56127 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:54.773692 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52833 DF PROTO=TCP SPT=80 DPT=54974 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:54.842769 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52834 DF PROTO=TCP SPT=80 DPT=54974 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:57.589690 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56128 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:23:57.662683 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56129 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:04.245698 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56130 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:04.314475 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56131 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:10.865474 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=56132 DF PROTO=TCP SPT=80 DPT=38718 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 24: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 25: Run command system journal clear at DUT0.

Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 27: Run command system journal clear at DUT0.

Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Feb 19 14:24:34.405497 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55620 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:34.405556 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55621 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:34.605410 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55622 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:34.609468 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55623 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:34.809417 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55624 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:34.813481 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55625 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:35.221751 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55626 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:35.225479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55627 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:36.053720 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55628 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:36.057489 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55629 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:37.685674 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55630 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:37.693475 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55631 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:38.361297 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=36894 DF PROTO=TCP SPT=80 DPT=38404 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:38.549656 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=36895 DF PROTO=TCP SPT=80 DPT=38404 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:40.921264 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55632 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:41.109697 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55633 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:47.581004 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55634 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:47.765716 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55635 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Feb 19 14:24:54.385535 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55636 DF PROTO=TCP SPT=80 DPT=59554 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 30: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 31: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 32: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 33: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18C74JdMFb4Hen3VP8HnDoMF2aEY7qNv5w=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18T+4bB9GIChsBLe1wY6Gtey3YPlQMmGDREq/lKZssUsFV6d//WBw7u
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+qLdCsqTpxZL41bGVKOejPK4wt/jqdW44=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX189gpwWzv81nMTJ4iA4SGW2fYqyPE23NlJFzhCA+AgOrpIBfNCjLlh0
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15

Step 34: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.252 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.252/0.252/0.252/0.000 ms

Step 35: Run command system journal clear at DUT0.

Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 37: Run command system journal clear at DUT0.

Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:25:23.985475 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28867 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:23.985549 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28868 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.185645 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28869 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.189482 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28870 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.389761 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28871 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.393494 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28872 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.821736 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28873 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:24.825564 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28874 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:25.653665 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28875 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:25.661475 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28876 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:27.285666 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28877 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:27.289478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28878 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:27.957675 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=16574 DF PROTO=TCP SPT=80 DPT=44726 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:25:28.023593 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16575 DF PROTO=TCP SPT=80 DPT=44726 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:25:30.517678 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28879 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:30.583522 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28880 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:37.173652 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=28881 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:37.239279 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28882 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:43.977484 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28883 DF PROTO=TCP SPT=80 DPT=46042 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 40: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 41: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 42: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 43: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/qcDjw0yADfqJG+mBRTTeG9GXe1Vd4SXs=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/TBjVvXVTLk+92qWYUN/lPxiXEM6fLGfh0nfCSMchc2yg/5CSjO6Nc
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19hPZJ9D4laM25EyFnrFsUf3cxkA0G0PFM=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18mw3O5oMIkCockodrc1Bscvb9tmFScr9S37nVGlsoqK85VKOMtRxqH
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 44: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.179 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.179/0.179/0.179/0.000 ms

Step 45: Run command system journal clear at DUT0.

Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 47: Run command system journal clear at DUT0.

Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:25:53.109468 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=14238 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.109507 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14239 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.309664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14240 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.314664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14241 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.513654 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14242 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.522671 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14243 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.941664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14244 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:53.942648 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14245 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:54.773661 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14246 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:54.777478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14247 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:56.405644 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14248 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:56.406521 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14249 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:59.701644 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14250 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:25:59.770535 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14251 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:26:06.357647 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14252 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:26:06.422423 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14253 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Feb 19 14:26:13.181591 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=14254 DF PROTO=TCP SPT=80 DPT=46944 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 50: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 51: Run command system journal clear at DUT0.

Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 53: Run command system journal clear at DUT0.

Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:26:36.809468 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27324 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:36.809514 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27325 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.009684 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27326 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.013174 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27327 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.213789 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27328 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.217155 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27329 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.621210 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27330 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:37.621568 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27331 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:38.453712 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27332 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:38.457479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27333 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:40.085683 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27334 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:40.089478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27335 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:40.725163 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=25693 DF PROTO=TCP SPT=80 DPT=32842 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:40.917676 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=25694 DF PROTO=TCP SPT=80 DPT=32842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:43.477682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27336 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:43.541065 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27337 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:50.133665 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27338 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:50.196820 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27339 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:26:56.809470 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27340 DF PROTO=TCP SPT=80 DPT=55450 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]

Step 56: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 57: Run command system journal clear at DUT0.

Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 59: Run command system journal clear at DUT0.

Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Feb 19 14:27:20.409470 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52877 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:20.409516 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52878 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:20.607749 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52879 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:20.609560 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52880 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:20.811713 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52881 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:20.813582 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52882 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:21.235717 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52883 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:21.237589 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52884 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:22.067688 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52885 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:22.069597 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52886 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:23.699625 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52887 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:23.701590 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52888 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:24.437976 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=49299 DF PROTO=TCP SPT=80 DPT=55680 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:24.499664 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=49300 DF PROTO=TCP SPT=80 DPT=55680 WINDOW=508 RES=0x00 ACK PSH FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:26.997682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52889 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:27.063509 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52890 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:33.653766 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52891 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:33.715229 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52892 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Feb 19 14:27:40.389704 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:31:78:cf:ef:81:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52893 DF PROTO=TCP SPT=80 DPT=35894 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
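
The journal checks in Steps 49, 55 and 61 can also be done by parsing the APPDETECT field instead of matching a regular expression, which makes the check independent of entry order and shows DROP records that carry no reputation entry at all. The following is an added example, not part of the original scenario or of the product: the function names are hypothetical, the sample lines are constructed (shortened from the journal format shown above), and it assumes that `U131` carries the reputation value, inferred from the selector `reputation equal 88` matching traffic logged with `U131:88`.

```python
import operator
import re

# "[POL-2] DROP ... APPDETECT[<ids> <name>:<value>]" as printed in the journal.
LINE_RE = re.compile(
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\]\s+(?P<action>[A-Z]+)\s"
    r".*?APPDETECT\[(?P<body>[^\]]*)\]"
)
# One app-id entry such as "L4:80" or "U131:88".
ID_RE = re.compile(r"^([A-Z]+\d+):(-?\d+)$")

# Comparison keywords used by the selector in Steps 43, 50 and 56.
OPS = {"greater-than": operator.gt, "equal": operator.eq, "less-than": operator.lt}

# Assumption: U131 is the reputation entry (see lead-in).
REPUTATION_KEY = "U131"

# Constructed sample lines, shortened from the output format on this page.
SAMPLE = [
    "Feb 19 14:25:53.109468 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 "
    "DST=10.215.168.64 PROTO=TCP SPT=80 DPT=46944 "
    "APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]",
    "Feb 19 14:26:36.809468 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 "
    "DST=10.215.168.64 PROTO=TCP SPT=80 DPT=55450 "
    "APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]",
    "Feb 19 14:25:27.957675 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 "
    "DST=10.215.168.64 PROTO=TCP SPT=80 DPT=44726 "
    "APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]",
    "Feb 19 14:19:47.089985 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 "
    "DST=10.215.168.64 PROTO=TCP SPT=80 DPT=49674 "
    "APPDETECT[U6:1 http-host:webserver.com]",
]


def parse_appdetect(line):
    """Return policy, rule, action, app-id entries and attributes, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ids, attrs = {}, {}
    for token in m.group("body").split():
        for part in token.split(";"):
            id_m = ID_RE.match(part)
            if id_m:
                ids[id_m.group(1)] = int(id_m.group(2))
            elif ":" in part:
                name, value = part.split(":", 1)
                attrs[name] = value
    return {
        "policy": m.group("policy"),
        "rule": int(m.group("rule")),
        "action": m.group("action"),
        "ids": ids,
        "attrs": attrs,
    }


def audit(lines, host, op, threshold, key=REPUTATION_KEY):
    """Sort DROP records for `host` by how they relate to the selector.

    satisfied:  reputation entry present and the comparison holds
    violating:  reputation entry present but the comparison fails
    unlabelled: dropped without any reputation entry in the log field
    """
    compare = OPS[op]
    result = {"satisfied": [], "violating": [], "unlabelled": []}
    for line in lines:
        rec = parse_appdetect(line)
        if rec is None or rec["action"] != "DROP":
            continue
        # Literal comparison; an unescaped "." in a regex matches any character.
        if rec["attrs"].get("http-host") != host:
            continue
        if key not in rec["ids"]:
            result["unlabelled"].append(rec)
        elif compare(rec["ids"][key], threshold):
            result["satisfied"].append(rec)
        else:
            result["violating"].append(rec)
    return result
```

Records in the `unlabelled` bucket correspond to journal lines such as the ones logged with only `L3:6;L4:80`, which the regular expression check silently skips.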