App Id
The following scenario shows how to filter packets based on app-id using traffic selectors.
Match Traffic Using Custom Dictionary
Description
This scenario shows how to match traffic using a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id custom -1
set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.573 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.573/0.573/0.573/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 http-host:webserver.com
May 04 21:35:09.820103 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=41613 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
May 04 21:35:09.820144 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=41614 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
May 04 21:35:09.824061 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=41615 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U6:1 ssl-host:webserver.com
May 04 21:35:09.820103 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=41613 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
May 04 21:35:09.820144 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=41614 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
May 04 21:35:09.824061 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=41615 DF PROTO=TCP SPT=80 DPT=56384 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
May 04 21:35:09.978657 osdx OSDxCLI[2923]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
May 04 21:35:10.200063 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65030 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.438009 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=65031 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.441389 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65033 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.448384 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=65034 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.452082 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=65035 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.452132 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=65036 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.461910 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=65037 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
May 04 21:35:10.464086 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=65038 DF PROTO=TCP SPT=443 DPT=41682 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Match Traffic Using Provider Dictionary
Description
This scenario shows how to match traffic using a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id engine 128
set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.569 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.569/0.569/0.569/0.000 ms
Note
The file webserver_dict.xml contains an XML dictionary with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
  <provider engine_id="128" name="Teldat">
    <app id="1" name="Web Server Test 1" version="1">
      <fqdn_list>
        <fqdn>webserver.com</fqdn>
      </fqdn_list>
    </app>
    <app id="2" name="Web Server Test 2" version="1">
      <address_list>
        <range id="1">
          <net_address>10.215.168.1</net_address>
          <net_mask>255.255.255.0</net_mask>
        </range>
      </address_list>
    </app>
  </provider>
</proxy_settings>
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 http-host:webserver.com
May 04 21:35:17.586366 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63620 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
May 04 21:35:17.586450 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63621 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
May 04 21:35:17.589819 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63622 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Step 6: Run command system journal clear at DUT0.
Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U128:1 ssl-host:webserver.com
May 04 21:35:17.586366 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63620 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
May 04 21:35:17.586450 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63621 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
May 04 21:35:17.589819 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63622 DF PROTO=TCP SPT=80 DPT=34024 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
May 04 21:35:17.749668 osdx OSDxCLI[2923]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
May 04 21:35:17.977818 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35288 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.981489 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=35289 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.985821 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=35291 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.985861 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=35292 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.985874 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=35293 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.985885 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=35294 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
May 04 21:35:17.985896 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=35295 DF PROTO=TCP SPT=443 DPT=47392 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
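Added example, not from the original page or the vendor: it loads the dictionary shown in the Note above and maps each app to the U<engine_id>:<app id> token seen in the journal (U128:1). The token format is inferred from the page's output; exact FQDN comparison and standard netmask arithmetic are assumptions about matching, which the page does not specify.

```python
import ipaddress
import xml.etree.ElementTree as ET

# The dictionary from the Note above, embedded so the example runs offline.
# Parse only dictionaries from a trusted source: ElementTree is not hardened
# against maliciously constructed XML.
DICT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
  <provider engine_id="128" name="Teldat">
    <app id="1" name="Web Server Test 1" version="1">
      <fqdn_list>
        <fqdn>webserver.com</fqdn>
      </fqdn_list>
    </app>
    <app id="2" name="Web Server Test 2" version="1">
      <address_list>
        <range id="1">
          <net_address>10.215.168.1</net_address>
          <net_mask>255.255.255.0</net_mask>
        </range>
      </address_list>
    </app>
  </provider>
</proxy_settings>
"""


def load_dictionary(xml_bytes):
    """Map journal tokens ("U<engine_id>:<app id>") to each app's rules."""
    root = ET.fromstring(xml_bytes)
    apps = {}
    for provider in root.iter("provider"):
        engine = provider.get("engine_id")
        for app in provider.iter("app"):
            networks = []
            for rng in app.iter("range"):
                addr = rng.findtext("net_address", "").strip()
                mask = rng.findtext("net_mask", "").strip()
                # strict=False accepts a host address with a mask and
                # normalises it to the enclosing network (assumption about
                # how the range is meant to be read).
                networks.append(
                    ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                )
            apps[f"U{engine}:{app.get('id')}"] = {
                "name": app.get("name"),
                "fqdns": [f.text.strip().lower()
                          for f in app.iter("fqdn") if f.text],
                "networks": networks,
            }
    return apps


def candidates(apps, host=None, ip=None):
    """Tokens of every app whose FQDN list or address ranges cover the flow.

    FQDNs are compared exactly and case-insensitively (assumption).
    """
    addr = ipaddress.ip_address(ip) if ip else None
    hits = []
    for token, app in apps.items():
        by_name = host is not None and host.lower() in app["fqdns"]
        by_addr = addr is not None and any(
            addr in net for net in app["networks"]
        )
        if by_name or by_addr:
            hits.append(token)
    return hits


if __name__ == "__main__":
    apps = load_dictionary(DICT_XML)
    for token, app in apps.items():
        print(token, app["name"], app["fqdns"],
              [str(n) for n in app["networks"]])
    print(candidates(apps, host="webserver.com", ip="10.215.168.1"))
```

For the test flow both apps are candidates (FQDN webserver.com and address 10.215.168.1); the journal above reports U128:1, and the page does not state how the device ranks the two.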
Match Traffic Using Remote Dictionary
Description
This scenario shows how to match traffic using a remote dictionary with category and reputation selectors.
Phase 1: Override mode - match by category
Phase 2: Override mode - match by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - match by category
Phase 4: Chained mode - match by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/+KedFXB8pRQW59qy3PAJ3j37PlE5yckQ=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+taybvqxJ2CPGwCjWftWlQVXvusqrmPwlih6ypObd/Kj5OqKIzzlqn
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.645 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.645/0.645/0.645/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.com
May 04 21:35:27.615622 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45309 DF PROTO=TCP SPT=80 DPT=53398 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
May 04 21:35:27.615674 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=45310 DF PROTO=TCP SPT=80 DPT=53398 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
May 04 21:35:27.615688 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=45311 DF PROTO=TCP SPT=80 DPT=53398 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+BwvLT1r+edTJ5YaK8iHfBMnr/o7OXe/I=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/8XZCXSVgT3HgHaorhgrmOKLpZiP9BqfWo1xgLUo9DUYIFDuo/fbfX
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.686 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.686/0.686/0.686/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com
May 04 21:35:34.959046 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64684 DF PROTO=TCP SPT=80 DPT=53426 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:34.959089 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=64685 DF PROTO=TCP SPT=80 DPT=53426 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:34.963614 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=64686 DF PROTO=TCP SPT=80 DPT=53426 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com
May 04 21:35:38.383645 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51892 DF PROTO=TCP SPT=80 DPT=56472 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:38.383686 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51893 DF PROTO=TCP SPT=80 DPT=56472 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:38.383695 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51894 DF PROTO=TCP SPT=80 DPT=56472 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com
May 04 21:35:41.779608 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38254 DF PROTO=TCP SPT=80 DPT=56492 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:41.779639 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38255 DF PROTO=TCP SPT=80 DPT=56492 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
May 04 21:35:41.779653 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38256 DF PROTO=TCP SPT=80 DPT=56492 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+Mv3NqWl8nV6byhc0K142qDMqrV5R9U/k=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/pM5z2UYBLfQRSzurtV/Hq5Dhe7Oe0Dr1kQm1UnuiGDDTZ1Wi4TajK
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+317jQWe0C5pyCfxpM0ACWZuIaEM1+WOM=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19oOsUiQ7JC08NuxVMcmnhJlD4qUZABaHZ5ZlOx2pEfGOBC15QDkn/F
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.492 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.492/0.492/0.492/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:35:49.695611 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=TCP SPT=80 DPT=33950 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:35:49.695648 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21874 DF PROTO=TCP SPT=80 DPT=33950 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:35:49.699619 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21875 DF PROTO=TCP SPT=80 DPT=33950 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 40: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18fVbyHrYBxNE6YGRDbJbdc7p6+bhMu24M=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1++FX3t0FVpuCimZbpRACMeoXzen9VSHiOkxZiop3jd1Iu0mlPK9mGK
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+EMJ8570fCwevOdSIU6JTpxDHxZBT6sBs=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+WaEQgV5wjzPjqATZCxtsHxoQrpJ815aFHRIdX4JUeZa5sMBcTBB6Z
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.231 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.231/0.231/0.231/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:35:57.975612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18364 DF PROTO=TCP SPT=80 DPT=44806 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:35:57.975655 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=18365 DF PROTO=TCP SPT=80 DPT=44806 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:35:57.975667 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18366 DF PROTO=TCP SPT=80 DPT=44806 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:36:01.407612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=5506 DF PROTO=TCP SPT=80 DPT=44830 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:36:01.407669 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=5507 DF PROTO=TCP SPT=80 DPT=44830 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:36:01.411616 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=5508 DF PROTO=TCP SPT=80 DPT=44830 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:36:04.835612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15198 DF PROTO=TCP SPT=80 DPT=44854 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:36:04.835656 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=15199 DF PROTO=TCP SPT=80 DPT=44854 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:36:04.835665 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=15200 DF PROTO=TCP SPT=80 DPT=44854 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
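The checks in Steps 55 and 61 accept the category and reputation tags in either order, which a regular expression can only express by listing each permutation. The Python sketch below is an added example, not part of the OSDX documentation: it parses the APPDETECT field into a tag map so the reputation comparison no longer depends on tag order. Reading U130 as the category and U131 as the reputation is an assumption inferred from the output on this page, and the sample lines are abridged from that output.

```python
import operator
import re

# Constructed sample: journal lines abridged from the output format shown on
# this page (MAC, TTL, TCP flags and similar fields removed for brevity).
SAMPLE_JOURNAL = """\
May 04 21:35:57.975612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=44806 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:36:01.407612 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=44830 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:36:11.875279 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=56266 APPDETECT[L4:80 http-host:newserver.com]
"""

# [POLICY-RULE] VERDICT ... SPT=n DPT=n ... APPDETECT[tag;tag;... key:host ...]
LINE_RE = re.compile(
    r"\[(?P<policy>[^\]\s]+)-(?P<rule>\d+)\]\s+(?P<verdict>ACCEPT|DROP)\b"
    r".*?\bSPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)\b"
    r".*?APPDETECT\[(?P<body>[^\]]*)\]"
)

# Assumption inferred from this page's output, not from vendor documentation:
# U131 carries the reputation returned by the remote dictionary.
REPUTATION_TAG = "U131"

# Comparison keywords as they appear in the selector configuration.
COMPARATORS = {
    "greater-than": operator.gt,
    "equal": operator.eq,
    "less-than": operator.lt,
}


def parse_line(line):
    """Return a dict describing one APPDETECT journal line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    tags, hosts = {}, {}
    # Tags are ';'-separated, host fields are space-separated; treat both alike
    # and tell them apart by value: numeric values are tags, the rest hosts.
    for item in m.group("body").replace(";", " ").split():
        key, sep, value = item.partition(":")
        if not sep:
            continue
        if value.isdigit():
            tags[key] = int(value)
        else:
            hosts[key] = value
    return {
        "policy": m.group("policy"),
        "rule": int(m.group("rule")),
        "verdict": m.group("verdict"),
        "flow": (int(m.group("spt")), int(m.group("dpt"))),
        "tags": tags,
        "hosts": hosts,
    }


def parse_journal(text):
    """Parse every APPDETECT line in a journal dump, skipping other lines."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reputation_matches(event, comparator, threshold):
    """Evaluate a reputation comparison; a missing tag never matches."""
    reputation = event["tags"].get(REPUTATION_TAG)
    if reputation is None:
        return False
    return COMPARATORS[comparator](reputation, threshold)


def check_step(text, host, comparator, threshold):
    """True if any logged packet for `host` satisfies the reputation check."""
    return any(
        host in e["hosts"].values()
        and reputation_matches(e, comparator, threshold)
        for e in parse_journal(text)
    )


if __name__ == "__main__":
    for e in parse_journal(SAMPLE_JOURNAL):
        print(e["verdict"], e["flow"], sorted(e["tags"].items()), e["hosts"])
    print(check_step(SAMPLE_JOURNAL, "enterprise.opentok.com", "equal", 88))
```

The `flow` tuple (source port, destination port) lets a reviewer separate packets of different connections when the journal mixes them.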
Drop Traffic Not Matching Custom Dictionary
Description
This scenario shows how to drop traffic not matching a custom dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.2
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id custom -1
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.174 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.174/0.174/0.174/0.000 ms
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROP
May 04 21:36:11.875279 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63284 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:11.875324 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63285 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:12.075276 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63286 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:12.075416 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63287 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:12.279286 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63288 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:12.279425 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63289 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:12.687471 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63290 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 
http-host:newserver.com] May 04 21:36:12.703277 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63291 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:13.519673 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63292 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:13.539210 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63293 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:15.151460 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63294 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:15.171058 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63295 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:18.511448 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63296 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:18.527278 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63297 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 
ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:25.167456 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63298 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:25.183277 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63299 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROP
May 04 21:36:32.283278 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=5345 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.287274 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=5346 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.291272 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=5348 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.483480 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5349 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.498494 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5350 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.687630 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5351 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:32.926533 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5352 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 
ssl-host:newserver.com] May 04 21:36:33.103633 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5353 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:33.762503 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5354 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:33.935441 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5355 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:35.422422 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5356 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:35.567455 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5357 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:38.223759 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63300 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:38.238296 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63301 DF PROTO=TCP SPT=80 DPT=56266 WINDOW=508 RES=0x00 ACK PSH 
URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:38.750278 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=5358 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:36:38.991447 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=5359 DF PROTO=TCP SPT=443 DPT=59018 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Matching Provider Dictionary
Description
This scenario shows how to drop traffic not matching a provider dictionary.
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id engine 128
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.400 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.400/0.400/0.400/0.000 ms
Note
The file webserver_dict.xml contains an XML dictionary with the following content:
<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
  <provider engine_id="128" name="Teldat">
    <app id="1" name="Web Server Test 1" version="1">
      <fqdn_list>
        <fqdn>webserver.com</fqdn>
      </fqdn_list>
    </app>
    <app id="2" name="Web Server Test 2" version="1">
      <address_list>
        <range id="1">
          <net_address>10.215.168.1</net_address>
          <net_mask>255.255.255.0</net_mask>
        </range>
      </address_list>
    </app>
  </provider>
</proxy_settings>
Step 3: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.
Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:80 http-host:newserver.com DROP
May 04 21:36:48.836841 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58719 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:48.836883 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58720 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:49.036995 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58721 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:49.044802 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58722 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:49.240982 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58723 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:49.252806 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58724 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:49.661120 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58725 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 
http-host:newserver.com] May 04 21:36:49.676829 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58726 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:50.493027 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58727 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:50.508812 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58728 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:52.124995 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58729 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:52.171320 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58730 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:55.548973 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58731 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:36:55.564813 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58732 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 
ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:37:02.204990 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58733 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:37:02.220807 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58734 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Step 6: Run command system journal clear at DUT0.
Warning
The following download operation should fail:
Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.
Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
L4:443 ssl-host:newserver.com DROP
May 04 21:37:09.232816 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10444 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.236805 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=10445 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.242560 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=10447 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.433171 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10448 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.450666 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10449 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.637133 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10450 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:09.866863 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10451 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 
APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:10.045094 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10452 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:10.698634 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10453 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:10.877128 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10454 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:12.366553 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10455 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:12.508933 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10456 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:15.264863 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58735 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:37:15.530522 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58736 DF PROTO=TCP SPT=80 DPT=40898 WINDOW=508 
RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com] May 04 21:37:15.773095 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10457 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com] May 04 21:37:15.786491 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=10458 DF PROTO=TCP SPT=443 DPT=37982 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Drop Traffic Not Matching Remote Dictionary
Description
This scenario shows how to drop traffic not matching a remote dictionary category or reputation.
Phase 1: Override mode - drop by not matching category
Phase 2: Override mode - drop by reputation (greater-than, equal, less-than)
Phase 3: Chained mode - drop by not matching category
Phase 4: Chained mode - drop by reputation (greater-than, equal, less-than)
Scenario
Step 1: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18u/ybXVTtmYY6mzTyQl072/gMGkUs/u48=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+bQEma8XfYZ9oZzANqJ47DQtpxdsDzJg8ceqwpNnUaW/6RpJRIRmjn
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15
Step 2: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.242 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.242/0.242/0.242/0.000 ms
Step 3: Run command system journal clear at DUT0.
Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 5: Run command system journal clear at DUT0.
Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U130:7 http-host:enterprise.opentok.com DROP
May 04 21:37:48.919174 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38655 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:48.919218 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38656 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.119602 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38657 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.123680 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38658 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.323585 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38659 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.331527 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38660 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.731407 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38661 DF PROTO=TCP 
SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:49.747489 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38662 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:50.563413 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38663 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:50.579540 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38664 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:52.195366 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38665 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:52.243377 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38666 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:52.995428 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27032 DF PROTO=TCP SPT=80 DPT=47702 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] May 04 21:37:53.267610 osdx kernel: [POL-2] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27033 DF PROTO=TCP SPT=80 DPT=47702 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com] May 04 21:37:55.555438 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38667 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:37:55.571388 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38668 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:38:02.211343 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38669 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com] May 04 21:38:02.227064 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38670 DF PROTO=TCP SPT=80 DPT=58960 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Step 8: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 9: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 10: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 11: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+vpNafeerEtkq732Zjf/zKHE7DrkL9VKg=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/cfxJyZYFgvjny+gf6Aq/oYlPrp2Jui2gYLcIKHymPgjEaGTXpzCrh
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected
Step 12: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.546 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.546/0.546/0.546/0.000 ms
Step 13: Run command system journal clear at DUT0.
Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 15: Run command system journal clear at DUT0.
Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROP
May 04 21:38:16.811170 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42778 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:16.811230 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42779 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.011382 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42780 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.014489 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42781 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.215352 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42782 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.222468 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42783 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.635335 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42784 DF 
PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:17.646447 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42785 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:18.467583 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42786 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:18.482535 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42787 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:20.099588 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42788 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:20.146725 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42789 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:23.459345 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42790 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:23.474222 osdx kernel: [POL-2] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42791 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:30.115595 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42792 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:38:30.129967 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42793 DF PROTO=TCP SPT=80 DPT=41694 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 18: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 19: Run command system journal clear at DUT0.
Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 21: Run command system journal clear at DUT0.
Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROP
May 04 21:39:00.271269 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63248 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:00.271325 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63249 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:00.471370 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63250 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:00.472854 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63251 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:00.675390 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63252 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:00.680853 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63253 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:01.091669 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63254 DF 
PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:01.105039 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63255 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:01.923435 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63256 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:01.932798 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63257 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:03.555350 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63258 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:03.596761 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63259 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:04.419370 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=25473 DF PROTO=TCP SPT=80 DPT=52136 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:04.684841 osdx kernel: [POL-2] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=25474 DF PROTO=TCP SPT=80 DPT=52136 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:06.979386 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63260 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:06.992711 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63261 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:13.635349 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63262 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:13.644389 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63263 DF PROTO=TCP SPT=80 DPT=52548 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 24: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 25: Run command system journal clear at DUT0.
Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 27: Run command system journal clear at DUT0.
Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:
U131:88 http-host:enterprise.opentok.com DROP
May 04 21:39:43.743173 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=52790 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:43.743210 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52791 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:43.943376 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52792 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:43.947296 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52793 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:44.147349 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52794 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:44.155309 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52795 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:44.579366 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52796 DF 
PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:44.591266 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52797 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:45.411343 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52798 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:45.419214 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52799 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:47.043360 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52800 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:47.083208 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52801 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:47.939352 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27751 DF PROTO=TCP SPT=80 DPT=52946 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:48.203178 osdx kernel: [POL-2] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27752 DF PROTO=TCP SPT=80 DPT=52946 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:50.499391 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52802 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:50.511126 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52803 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:57.155461 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=52804 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com] May 04 21:39:57.162907 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=52805 DF PROTO=TCP SPT=80 DPT=39008 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Step 30: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 31: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 32: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 33: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18FZ+/4uc11ECc50GnerowfHCmnGJVC20I=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19GBt4IjmKEw22Lcr4AFr3a01qwv38jSL002WQegCYwoqeUvZK9UGg4
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+tgw0mM5A2Zh0ZiVhWMnO4EEQ4xDl2Rn8=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19KPAyWe8VUaDNO7Lp2EgRz8ofBQBK3AVbeKnlei9H9izo6WzfgboDk
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15
Step 34: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.245 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.245/0.245/0.245/0.000 ms
Step 35: Run command system journal clear at DUT0.
Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 37: Run command system journal clear at DUT0.
Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:40:32.051167 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=40859 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.051196 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40860 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.251333 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40861 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.253492 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40862 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.455334 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40863 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.461537 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40864 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.867683 osdx kernel: [POL-2] DROP IN=eth0 OUT= 
MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40865 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:32.873625 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40866 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:33.699419 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40867 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:33.709531 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40868 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:35.331328 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40869 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:35.369454 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40870 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:36.067378 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 
TOS=0x00 PREC=0x00 TTL=64 ID=17748 DF PROTO=TCP SPT=80 DPT=42794 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] May 04 21:40:36.589440 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=17749 DF PROTO=TCP SPT=80 DPT=42794 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com] May 04 21:40:38.627356 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40871 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:38.893387 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40872 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:45.287177 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=40873 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com] May 04 21:40:45.545183 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=40874 DF PROTO=TCP SPT=80 DPT=53080 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
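The Step 39 check applied offline to a saved journal, as an added example that is not part of the original page or of the device's own tooling: it parses APPDETECT lines, groups them per connection, applies the page's regular expression, and lists connections whose chain carries no U-prefixed ID (such as the DPT=42794 connection in the output above). The sample lines are constructed from the output format shown above, and `ssl-host:` appearing as a log token is an assumption.

```python
import re

# Constructed sample in the journal format of the Step 39 output (MAC and some
# header fields omitted). Line 3 swaps the U-ID order to exercise the second
# alternative of the page's regular expression.
SAMPLE_JOURNAL = """\
May 04 21:40:32.051167 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=52 PROTO=TCP SPT=80 DPT=53080 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:40:32.051196 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=251 PROTO=TCP SPT=80 DPT=53080 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:40:33.000000 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=64 PROTO=TCP SPT=80 DPT=40000 ACK URGP=0 APPDETECT[L3:6;L4:80;U131:88;U130:7 http-host:enterprise.opentok.com]
May 04 21:40:36.067378 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 LEN=64 PROTO=TCP SPT=80 DPT=42794 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
"""

# Regular expression from Steps 39 and 49, copied verbatim from the page.
PAGE_CHECK = re.compile(
    r"DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com"
)

# One policy log entry: "[<policy>-<rule>] <ACTION> ... APPDETECT[<body>]".
ENTRY_RE = re.compile(
    r"\[(?P<policy>[^\]\s]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?PROTO=(?P<proto>\S+) SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) "
    r".*?APPDETECT\[(?P<body>[^\]]*)\]"
)

# http-host appears in the page's output; ssl-host as a log token is an assumption.
HOST_TOKENS = ("http-host", "ssl-host")


def parse_entry(line):
    """Return the policy verdict and app-id chain of one journal line, or None."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    ids, hosts = {}, {}
    for token in m["body"].split():
        kind, _, value = token.partition(":")
        if kind in HOST_TOKENS:
            hosts[kind] = value
            continue
        # Chained storage joins IDs with ';', e.g. L3:6;L4:80;U130:7;U131:88
        for pair in token.split(";"):
            key, _, num = pair.partition(":")
            if key and num.isdigit():
                ids[key] = int(num)
    return {
        "policy": m["policy"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "flow": (m["src"], int(m["spt"]), m["dst"], int(m["dpt"])),
        "ids": ids,
        "hosts": hosts,
    }


def summarize_flows(journal):
    """Group parsed entries per connection (src, sport, dst, dport)."""
    flows = {}
    for line in journal.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue  # not a policy log line with an APPDETECT field
        flow = flows.setdefault(entry["flow"], {
            "packets": 0, "actions": set(), "ids": {}, "hosts": {},
            "page_check": False,
        })
        flow["packets"] += 1
        flow["actions"].add(entry["action"])
        flow["ids"].update(entry["ids"])
        flow["hosts"].update(entry["hosts"])
        flow["page_check"] = flow["page_check"] or bool(PAGE_CHECK.search(line))
    return flows


def flows_without_dictionary_ids(flows):
    """Connections logged with no U-prefixed ID in their APPDETECT chain."""
    return [key for key, flow in flows.items()
            if not any(name.startswith("U") for name in flow["ids"])]


if __name__ == "__main__":
    summary = summarize_flows(SAMPLE_JOURNAL)
    for key, flow in summary.items():
        print(key, sorted(flow["actions"]), flow["ids"], flow["hosts"],
              "page check:", flow["page_check"])
    print("no dictionary IDs:", flows_without_dictionary_ids(summary))
```
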
Step 40: Clean all the configuration in DUT0:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 41: Clean all the configuration in DUT1:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 42: Clean all the configuration in DUT2:
delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0
Step 43: Set the following configuration in DUT0:
set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+thu8zFUNCeeRL/DXNaKHOBLHesXNGmEE=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1+aKWsYGFJhcaRtOggxiWzCaDLzq0X455ClzMSOCyxZ21baklVk+4kw
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+T7YnbukgGiST2x87ehnbCY8Qc0/O9/WA=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX19jc6zsH6GxXKL63ptvN9Z9uTkv+TEH/tpp6kI8Y5Fuz5WX6GFyfbnj
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected
Step 44: Ping IP address 10.215.168.1 from DUT0:
admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.171 ms
--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.171/0.171/0.171/0.000 ms
Step 45: Run command system journal clear at DUT0.
Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 47: Run command system journal clear at DUT0.
Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:41:00.519171 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=7619 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:00.519210 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7620 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:00.719359 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7621 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:00.720478 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7622 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:00.923414 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7623 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:00.928509 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7624 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:01.347389 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7625 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:01.356499 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7626 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:02.179387 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7627 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:02.188416 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7628 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:03.811348 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7629 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:03.820366 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7630 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:07.043347 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7631 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:07.048226 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7632 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:13.699377 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=7633 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:13.708006 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=7634 DF PROTO=TCP SPT=80 DPT=51508 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Step 50: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88
Step 51: Run command system journal clear at DUT0.
Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 53: Run command system journal clear at DUT0.
Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:41:43.955220 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=29045 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:43.955273 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29046 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.154980 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29047 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.155249 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29048 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.358960 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29049 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.359246 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29050 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.771352 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29051 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:44.778863 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29052 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:45.603570 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29053 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:45.610961 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29054 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:47.235324 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29055 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:47.242764 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29056 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:48.003360 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26144 DF PROTO=TCP SPT=80 DPT=55250 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:48.006774 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26145 DF PROTO=TCP SPT=80 DPT=55250 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:50.563342 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29057 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:50.567166 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29058 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:57.219600 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=29059 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:41:57.223189 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29060 DF PROTO=TCP SPT=80 DPT=34690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Step 56: Modify the following configuration lines in DUT0:
delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100
Step 57: Run command system journal clear at DUT0.
Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 59: Run command system journal clear at DUT0.
Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.
Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:
DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
May 04 21:42:27.427170 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=62352 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:27.427212 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62353 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:27.627352 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62354 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:27.633333 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62355 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:27.831753 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62356 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:27.841633 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62357 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:28.259400 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62358 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:28.261267 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62359 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:29.091370 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62360 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:29.095164 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62361 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:30.723351 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62362 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:30.727165 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62363 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:31.523368 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23690 DF PROTO=TCP SPT=80 DPT=58662 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:31.525149 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23691 DF PROTO=TCP SPT=80 DPT=58662 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:34.083362 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62364 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:34.087169 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62365 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:40.739362 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=62366 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
May 04 21:42:40.743168 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:04:aa:25:a3:32:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=62367 DF PROTO=TCP SPT=80 DPT=43170 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
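The following Python is an added example, not part of the original documentation or the device's tooling. It parses the APPDETECT token into key/value pairs, so the check holds for any app-id ordering or interleaving (more general than the two orderings the regular expression above enumerates), and re-evaluates the three reputation selectors from this scenario against each DROP entry. It assumes U131 carries the reputation value, which the page does not state; all function names are hypothetical.

```python
import operator
import re

# Constructed sample: two entries abbreviated from this scenario's journal
# output (MAC and several netfilter fields dropped), one per app-id ordering.
SAMPLE_LOG = """\
May 04 21:41:00.519171 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=51508 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
May 04 21:41:43.955220 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=34690 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
"""

# Assumption: U131 carries the reputation value (the "equal 88" step matches
# U131:88); U130 would then be the category from dictionary 1.
REPUTATION_KEY = "U131"

ENTRY_RE = re.compile(
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\]\s+(?P<action>[A-Z]+)\s.*?"
    r"APPDETECT\[(?P<ids>[^\s\]]+)(?:\s+(?P<kind>[\w-]+):(?P<host>[^\]\s]+))?\]"
)

# Comparison keywords used by "app-detect app-id reputation <op> <value>".
OPS = {"greater-than": operator.gt, "equal": operator.eq, "less-than": operator.lt}


def parse_entry(line):
    """Return policy, rule, action, app-ids and host for one journal line."""
    m = ENTRY_RE.search(line)
    if m is None:
        return None
    ids = {}
    for item in m["ids"].split(";"):
        key, _, value = item.partition(":")
        if key and value.isdigit():
            ids[key] = int(value)  # order in the log does not matter here
    return {
        "policy": m["policy"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "ids": ids,
        "host_kind": m["kind"],
        "host": m["host"],
    }


def selector_matches(entry, op, threshold, key=REPUTATION_KEY):
    """Evaluate a reputation comparison against the parsed app-ids."""
    value = entry["ids"].get(key)
    return value is not None and OPS[op](value, threshold)


def unexpected_drops(log_text, op, threshold):
    """List DROP entries whose logged reputation does not satisfy the selector."""
    found = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry["action"] == "DROP" and not selector_matches(entry, op, threshold):
            found.append(entry)
    return found


if __name__ == "__main__":
    for op, threshold in (("greater-than", 50), ("equal", 88), ("less-than", 100)):
        print(op, threshold, "unexpected drops:", len(unexpected_drops(SAMPLE_LOG, op, threshold)))
```

A non-empty result from `unexpected_drops` means a packet was dropped under a reputation value the configured selector should not have matched, which is worth investigating before relying on the policy.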