App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic Using Custom Dictionary
Description
This scenario shows how to match traffic using a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.1 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id custom -1 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.230 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.230/0.230/0.230/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 http-host:webserver.comShow output
Apr 16 14:48:52.779973 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35507 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com] Apr 16 14:48:52.835809 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=35508 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com] Apr 16 14:48:52.836891 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35509 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 ssl-host:webserver.comShow output
Apr 16 14:48:52.779973 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35507 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com] Apr 16 14:48:52.835809 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=35508 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com] Apr 16 14:48:52.836891 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35509 DF PROTO=TCP SPT=80 DPT=44642 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com] Apr 16 14:48:53.023225 osdx OSDxCLI[3116]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'. Apr 16 14:48:53.299978 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10044 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.614576 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=10045 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.616183 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10047 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.617203 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=10048 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.617504 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10049 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=504 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.620905 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=221 TOS=0x00 PREC=0x00 TTL=64 ID=10050 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.620929 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=143 TOS=0x00 PREC=0x00 TTL=64 ID=10051 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com] Apr 16 14:48:53.623979 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10052 DF PROTO=TCP SPT=443 DPT=55086 WINDOW=504 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Match Traffic Using Provider Dictionary
Description
This scenario shows how to match traffic using a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml' set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id engine 128 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.316 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.316/0.316/0.316/0.000 ms
Note
The file webserver_dict.xml contains
a XML dictionary with the following content:
Show output
<?xml version="1.0" encoding="UTF-8"?> <proxy_settings updated="10/12/25" version="2"> <provider engine_id="128" name="Teldat"> <app id="1" name="Web Server Test 1" version="1"> <fqdn_list> <fqdn>webserver.com</fqdn> </fqdn_list> </app> <app id="2" name="Web Server Test 2" version="1"> <address_list> <range id="1"> <net_address>10.215.168.1</net_address> <net_mask>255.255.255.0</net_mask> </range> </address_list> </app> </provider> </proxy_settings>
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 http-host:webserver.comShow output
Apr 16 14:49:02.306350 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15253 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com] Apr 16 14:49:02.307289 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=15254 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com] Apr 16 14:49:02.307524 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15255 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 ssl-host:webserver.comShow output
Apr 16 14:49:02.306350 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15253 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com] Apr 16 14:49:02.307289 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=15254 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com] Apr 16 14:49:02.307524 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15255 DF PROTO=TCP SPT=80 DPT=42144 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com] Apr 16 14:49:02.473958 osdx OSDxCLI[3116]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'. Apr 16 14:49:02.735310 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63825 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.743510 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=63826 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.743624 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=63828 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.743639 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=63829 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.747332 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63830 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=504 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.747419 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=63831 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.747474 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=143 TOS=0x00 PREC=0x00 TTL=64 ID=63832 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com] Apr 16 14:49:02.751303 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63833 DF PROTO=TCP SPT=443 DPT=47862 WINDOW=504 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Match Traffic Using Remote Dictionary
Description
This scenario shows how to match traffic using a remote dictionary with category and reputation selectors.
Phase 1: Override mode - match by category
Phase 2: Override mode - match by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - match by category
Phase 4: Chained mode - match by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+aSv5vyoXxSquuW7K7lPhqRsq4sHmDukw= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+e6vbQKpEwJkpXQfmhvcKVTBp+avBfiUiRc6OiBtGrBsVKB50znQZP set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id category 7 set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.285 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.285/0.285/0.285/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.comShow output
Apr 16 14:49:13.403563 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37847 DF PROTO=TCP SPT=80 DPT=35382 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:49:13.403629 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37848 DF PROTO=TCP SPT=80 DPT=35382 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:49:13.403671 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37849 DF PROTO=TCP SPT=80 DPT=35382 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18Z0NUPM5Uh62j+UdPSRJlr1ISN8CmA74o= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19yY33xqPYXkJYd0iIbkwSURA5JaP1FYhmwD5FBlDeFbdV5GsCW/3AS set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.306 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.306/0.306/0.306/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Apr 16 14:49:23.815565 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34313 DF PROTO=TCP SPT=80 DPT=48648 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:23.815668 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34314 DF PROTO=TCP SPT=80 DPT=48648 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:23.820964 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34315 DF PROTO=TCP SPT=80 DPT=48648 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Apr 16 14:49:27.519548 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63592 DF PROTO=TCP SPT=80 DPT=48656 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:27.519588 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63593 DF PROTO=TCP SPT=80 DPT=48656 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:27.519602 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63594 DF PROTO=TCP SPT=80 DPT=48656 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.comShow output
Apr 16 14:49:30.951553 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55334 DF PROTO=TCP SPT=80 DPT=55370 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:30.951617 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55335 DF PROTO=TCP SPT=80 DPT=55370 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:30.951636 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55336 DF PROTO=TCP SPT=80 DPT=55370 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX197ysJZ1r4AW8kZAS51YRpzfL/1JZRHDKM= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18wA6ejW12tN5WxqtQLHRKFxAYS08p5tYMz8rYEqGolzF0sl1YwwIGk set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19B/MKY1cEzDXp6Wyq4hW1sgNwv1Hwhc6I= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/BegsevQlUgD/Ug8FjIy5nAA/40HyxXxKT5QozJyH2Csmqf9135peY set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id category 7 set traffic selector SEL rule 1 app-detect state detected
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.180 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.180/0.180/0.180/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:49:39.831590 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16522 DF PROTO=TCP SPT=80 DPT=55382 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:39.831666 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=16523 DF PROTO=TCP SPT=80 DPT=55382 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:39.835555 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=16524 DF PROTO=TCP SPT=80 DPT=55382 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 40: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/mDuq0yIDI7Sc/2His6m+ufm7nw5WsOB4= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX18utb9EcJYMRr3yRxGL6Q8ddf1u9bxmxdutG/ZVIJZHyidlQ978KSIK set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+7ltzijqz+AJ4KD6sheqIPFa4a19doNKo= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/JW4DmxZtS8kWIphfZPQjZBdVdC6DIFg7FJ3vrfYiK5tKqt4kSGmCu set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=2.16 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 2.156/2.156/2.156/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:49:50.403986 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=36665 DF PROTO=TCP SPT=80 DPT=39138 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:50.404044 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=36666 DF PROTO=TCP SPT=80 DPT=39138 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:49:50.407552 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=36667 DF PROTO=TCP SPT=80 DPT=39138 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:49:54.343557 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32924 DF PROTO=TCP SPT=80 DPT=39162 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:49:54.343624 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=32925 DF PROTO=TCP SPT=80 DPT=39162 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:49:54.343642 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=32926 DF PROTO=TCP SPT=80 DPT=39162 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:49:57.951551 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19442 DF PROTO=TCP SPT=80 DPT=39170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:49:57.951610 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=19443 DF PROTO=TCP SPT=80 DPT=39170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:49:57.951623 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=19444 DF PROTO=TCP SPT=80 DPT=39170 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Drop Traffic Not Maching Custom Dictionary
Description
This scenario shows how to drop traffic not matching a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.2 set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id custom -1
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.242 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROPShow output
Apr 16 14:50:06.706103 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65010 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:06.706177 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65011 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:06.910110 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65012 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:06.910162 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65013 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:07.110192 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65014 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:07.110965 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65015 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:07.534314 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65016 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:07.535011 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65017 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:08.366310 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65018 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:08.370983 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65019 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:09.998293 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65020 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:10.002907 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65021 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:13.294404 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65022 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:13.390836 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65023 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:19.950321 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65024 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:20.046607 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65025 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROPShow output
Apr 16 14:50:27.198160 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38313 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.202075 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=38314 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.214086 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=38316 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.398266 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38317 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.422100 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=38318 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.602287 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38319 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:27.822270 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=38320 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:28.014380 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38321 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:28.654302 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=38322 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:28.846376 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38323 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:30.290190 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=38324 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:30.478286 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38325 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:33.006365 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=65026 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:33.102057 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=65027 DF PROTO=TCP SPT=80 DPT=34280 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:33.618019 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=38326 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:50:33.774282 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38327 DF PROTO=TCP SPT=443 DPT=40562 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Maching Provider Dictionary
Description
This scenario shows how to drop traffic not matching a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name newserver.com inet 10.215.168.1 set service dns static host-name webserver.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml' set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set traffic policy POL rule 1 action drop set traffic policy POL rule 1 log app-id set traffic policy POL rule 1 selector SEL set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.279 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.279/0.279/0.279/0.000 ms
Note
The file webserver_dict.xml contains
a XML dictionary with the following content:
Show output
<?xml version="1.0" encoding="UTF-8"?> <proxy_settings updated="10/12/25" version="2"> <provider engine_id="128" name="Teldat"> <app id="1" name="Web Server Test 1" version="1"> <fqdn_list> <fqdn>webserver.com</fqdn> </fqdn_list> </app> <app id="2" name="Web Server Test 2" version="1"> <address_list> <range id="1"> <net_address>10.215.168.1</net_address> <net_mask>255.255.255.0</net_mask> </range> </address_list> </app> </provider> </proxy_settings>
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROPShow output
Apr 16 14:50:45.794664 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=37005 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:45.794723 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37006 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:45.995862 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37007 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:45.996510 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37008 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:46.199931 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37009 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:46.200512 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37010 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:46.615872 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37011 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:46.616557 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37012 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:47.447808 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37013 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:47.448489 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37014 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:49.080591 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37015 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:49.084396 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37016 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:52.312618 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37017 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:52.407664 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37018 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:58.968629 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37019 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:50:59.063479 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37020 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROPShow output
Apr 16 14:51:06.296400 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35782 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.300400 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=35783 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.308390 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=35785 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.496594 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35786 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.512406 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35787 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.700589 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35788 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:06.935061 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35789 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:07.128619 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35790 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:07.771021 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35791 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:07.960588 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35792 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:09.398965 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35793 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:09.592585 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35794 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:12.024605 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=37021 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:51:12.118847 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=37022 DF PROTO=TCP SPT=80 DPT=38102 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] Apr 16 14:51:12.630802 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=35795 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] Apr 16 14:51:13.048624 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35796 DF PROTO=TCP SPT=443 DPT=53896 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Matching Remote Dictionary
Description
This scenario shows how to drop traffic not matching a remote dictionary category or reputation.
Phase 1: Override mode - drop by not matching category
Phase 2: Override mode - drop by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - drop by not matching category
Phase 4: Chained mode - drop by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19a72HnF7agIobseX1wSLzV+GxL+hMcgmc= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19RMN5oUOE2IwHix3mPMRm3WRKDy7rEL7/zJFXs47VQaWO6yvt8Xrd4 set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id category 15
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.604 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.604/0.604/0.604/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.com DROPShow output
Apr 16 14:51:49.673262 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55664 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:49.673366 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55665 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:49.870265 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55666 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:49.873379 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55667 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:50.077441 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55668 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:50.078187 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55669 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:50.481524 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55670 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:50.510234 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55671 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:51.313457 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55672 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:51.346242 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55673 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:52.945452 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55674 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:52.974168 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55675 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:53.614111 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2762 DF PROTO=TCP SPT=80 DPT=55098 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] Apr 16 14:51:53.777443 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2763 DF PROTO=TCP SPT=80 DPT=55098 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] Apr 16 14:51:56.337484 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55676 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:51:56.430023 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55677 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:52:02.993489 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55678 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] Apr 16 14:52:03.085774 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55679 DF PROTO=TCP SPT=80 DPT=54304 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+S/3FxEAvLmui9g4eUnnyd77N26IyU2Oo= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/VETHBmavPv5KiVsqNvLyzhgbOPf7bTrQIoShTry76q/PhkBanabfe set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.254 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.254/0.254/0.254/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Apr 16 14:52:18.301243 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=12620 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:18.313245 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12621 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:18.501412 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12622 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:18.513168 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12623 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:18.705458 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12624 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:18.721131 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12625 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:19.121434 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12626 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:19.149119 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12627 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:19.953485 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12628 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:19.985131 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12629 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:21.585552 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12630 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:21.617038 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12631 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:24.844931 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12632 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:25.009443 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12633 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:31.500655 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12634 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:52:31.665460 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12635 DF PROTO=TCP SPT=80 DPT=43590 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Apr 16 14:53:02.209257 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34871 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:02.209344 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34872 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:02.407490 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34873 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:02.413245 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34874 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:02.611473 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34875 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:02.617241 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34876 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:03.023463 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34877 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:03.029247 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34878 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:03.851488 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34879 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:03.861267 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34880 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:05.487390 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34881 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:05.493248 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34882 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:06.063351 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51215 DF PROTO=TCP SPT=80 DPT=49346 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:06.225474 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51216 DF PROTO=TCP SPT=80 DPT=49346 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:08.785570 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34883 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:08.879274 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34884 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:15.441449 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34885 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:15.534991 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34886 DF PROTO=TCP SPT=80 DPT=37900 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROPShow output
Apr 16 14:53:45.873246 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8577 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:45.873306 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8578 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.073493 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8579 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.073682 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8580 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.277429 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8581 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.281710 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8582 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.697789 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8583 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:46.705423 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8584 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:47.529771 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8585 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:47.537471 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8586 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:49.165690 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8587 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:49.169424 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8588 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:49.837718 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=61560 DF PROTO=TCP SPT=80 DPT=55762 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:50.001479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=61561 DF PROTO=TCP SPT=80 DPT=55762 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:52.393623 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8589 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:52.561440 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8590 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:59.053315 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8591 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] Apr 16 14:53:59.217448 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=8592 DF PROTO=TCP SPT=80 DPT=56410 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/ZQsKbBDSYYdlJSGVQ0LEIZkSTIyEtCKU= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/mo6b+OfpySR5kTZF3zUd+fIobKIMFWTHJHsjp/L7Q3z1YqQxh7Zqb set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19nkbg0Hn9mIIAA/kbl/53Z6Ra9b3OKgIk= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18EJRP2NUDH/u514n6jeqRpdYMIGjrgP2Yd6mHjv6yYvnkAqhrExiJZ set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect state detected set traffic selector SEL rule 1 not app-detect app-id category 15
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.291 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.291/0.291/0.291/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:54:35.753254 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40215 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:35.753343 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40216 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:35.953442 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40217 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:35.955855 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40218 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:36.157467 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40219 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:36.159791 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40220 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:36.561487 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40221 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:36.583910 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40222 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:37.393477 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40223 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:37.419836 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40224 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:39.025456 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40225 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:39.051830 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40226 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:39.665480 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=35029 DF PROTO=TCP SPT=80 DPT=38330 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:54:39.751733 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=35030 DF PROTO=TCP SPT=80 DPT=38330 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:54:42.311670 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40227 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:42.481453 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40228 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:48.967386 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40229 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:54:49.137450 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40230 DF PROTO=TCP SPT=80 DPT=34258 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 40: Clean all the configuration in DUT0:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0 :
set interfaces ethernet eth0 address 10.215.168.64/24 set service dns static host-name enterprise.opentok.com inet 10.215.168.1 set system conntrack app-detect app-id-storage chained set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18JvWAE/V0Atb5ssiOHRdywk/145RsvX0E= set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+KZIqNrV3np2KLe9o0g7rHGXjPncXFNXP5IwnJl+71KpDp0eYPWzJ0 set system conntrack app-detect dictionary 1 remote mark 5555 set system conntrack app-detect dictionary 1 remote property category set system conntrack app-detect dictionary 1 remote ssl-allow-insecure set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+ooZgbPATRz0aC+ONXqPsOAJcEF7/3cyc= set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+FCHcXWlsZTOLdnDJCFSfAFRw2YM/dYvgd6gwTyw8S1Ui3DO0ckrV8 set system conntrack app-detect dictionary 2 remote mark 5555 set system conntrack app-detect dictionary 2 remote property reputation set system conntrack app-detect dictionary 2 remote ssl-allow-insecure set system conntrack app-detect enable_dict_match_priv_ip set system conntrack app-detect http-host set system conntrack app-detect ssl-host set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0' set system traffic policy in POL set system traffic policy out POL_OUT set traffic policy POL rule 1 selector RDICT set traffic policy POL rule 2 action drop set traffic policy POL rule 2 log app-id set traffic policy POL rule 2 selector SEL set traffic policy POL_OUT rule 1 copy mark connmark set traffic selector RDICT rule 1 connmark 5555 set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50 set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1Show output
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data. 64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.180 ms --- 10.215.168.1 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.180/0.180/0.180/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:55:06.021254 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=2631 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.021315 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2632 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.218766 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2633 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.221439 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2634 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.422738 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2635 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.425361 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2636 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.833452 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2637 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:06.858697 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2638 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:07.665478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2639 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:07.686675 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2640 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:09.297493 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2641 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:09.322632 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2642 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:12.689487 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2643 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:12.774480 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2644 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:19.345471 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2645 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] Apr 16 14:55:19.430257 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=2646 DF PROTO=TCP SPT=80 DPT=43616 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:55:49.961245 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=12831 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:49.961301 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12832 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.161061 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12833 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.165242 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12834 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.365249 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12835 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.365321 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12836 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.769460 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12837 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:50.788988 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12838 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:51.601472 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12839 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:51.620999 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12840 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:53.233458 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12841 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:53.256907 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12842 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:53.905431 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=14120 DF PROTO=TCP SPT=80 DPT=59256 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:53.988917 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=14121 DF PROTO=TCP SPT=80 DPT=59256 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:56.466450 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12843 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:55:56.548812 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12844 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:03.121437 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=12845 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:03.204540 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=12846 DF PROTO=TCP SPT=80 DPT=57702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0 :
delete traffic selector SEL rule 1 app-detect app-id reputation equal set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.comShow output
Apr 16 14:56:33.665337 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=26864 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:33.665434 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26865 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:33.865404 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26866 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:33.867300 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26867 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:34.069411 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26868 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:34.075296 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26869 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:34.481419 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26870 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:34.503448 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26871 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:35.313445 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26872 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:35.331341 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26873 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:36.945479 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26874 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:36.963292 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26875 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:37.511239 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=56644 DF PROTO=TCP SPT=80 DPT=43452 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:37.681498 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=56645 DF PROTO=TCP SPT=80 DPT=43452 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:40.241410 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26876 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:40.323156 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26877 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:46.897618 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26878 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com] Apr 16 14:56:46.982902 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:30:0e:bf:ec:84:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26879 DF PROTO=TCP SPT=80 DPT=51630 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]