App Id

The following scenario shows how to filter packets based on app-id using traffic selectors.


Match Traffic Using Custom Dictionary

Description

This scenario shows how to match traffic using a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.1
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id custom -1
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.335 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.335/0.335/0.335/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U6:1 http-host:webserver.com
Output:
Jun 04 14:32:14.011017 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8132 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Jun 04 14:32:14.011070 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8133 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Jun 04 14:32:14.011081 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8134 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]

Step 6: Run command system journal clear at DUT0.

Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U6:1 ssl-host:webserver.com
Output:
Jun 04 14:32:14.011017 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8132 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Jun 04 14:32:14.011070 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=8133 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Jun 04 14:32:14.011081 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=8134 DF PROTO=TCP SPT=80 DPT=44568 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 http-host:webserver.com]
Jun 04 14:32:14.171285 osdx OSDxCLI[393060]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
Jun 04 14:32:14.407023 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38977 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411019 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=38978 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411067 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=38980 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411079 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=38981 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411091 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38982 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=504 RES=0x00 ACK URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411103 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=38983 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.411116 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=143 TOS=0x00 PREC=0x00 TTL=64 ID=38984 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=504 RES=0x00 ACK PSH URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]
Jun 04 14:32:14.415010 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=38985 DF PROTO=TCP SPT=443 DPT=36776 WINDOW=504 RES=0x00 ACK FIN URGP=0 APPDETECT[U6:1 ssl-host:webserver.com]

Match Traffic Using Provider Dictionary

Description

This scenario shows how to match traffic using a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id engine 128
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.486 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.486/0.486/0.486/0.000 ms

Note

The file webserver_dict.xml contains an XML dictionary with the following content:

<?xml version="1.0" encoding="UTF-8"?>
    <proxy_settings updated="10/12/25" version="2">
        <provider engine_id="128" name="Teldat">
            <app id="1" name="Web Server Test 1" version="1">
                <fqdn_list>
                    <fqdn>webserver.com</fqdn>
                </fqdn_list>
            </app>
            <app id="2" name="Web Server Test 2" version="1">
                <address_list>
                    <range id="1">
                        <net_address>10.215.168.1</net_address>
                        <net_mask>255.255.255.0</net_mask>
                    </range>
                </address_list>
            </app>
        </provider>
    </proxy_settings>

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://webserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U128:1 http-host:webserver.com
Output:
Jun 04 14:32:22.143836 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30267 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Jun 04 14:32:22.143895 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=30268 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Jun 04 14:32:22.147838 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30269 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]

Step 6: Run command system journal clear at DUT0.

Step 7: Run command file copy https://webserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U128:1 ssl-host:webserver.com
Output:
Jun 04 14:32:22.143836 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30267 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Jun 04 14:32:22.143895 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=30268 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Jun 04 14:32:22.147838 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=30269 DF PROTO=TCP SPT=80 DPT=54594 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 http-host:webserver.com]
Jun 04 14:32:22.334896 osdx OSDxCLI[393060]: User 'admin' executed a new command: 'system journal show | grep APPDETECT'.
Jun 04 14:32:22.551829 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=5335 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.560015 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=5336 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.560047 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=103 TOS=0x00 PREC=0x00 TTL=64 ID=5338 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.560056 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=121 TOS=0x00 PREC=0x00 TTL=64 ID=5339 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.560064 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=5340 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.560074 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=5341 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=505 RES=0x00 ACK PSH URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
Jun 04 14:32:22.563834 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=5342 DF PROTO=TCP SPT=443 DPT=35312 WINDOW=505 RES=0x00 ACK FIN URGP=0 APPDETECT[U128:1 ssl-host:webserver.com]
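
The journal token U128:1 in this scenario pairs the provider's engine_id (128) with the app id (1) from webserver_dict.xml. The following is an added example, not part of the original page or the product's tooling: it parses that dictionary and turns journal tokens back into app names for log review. The function and class names are the example's own, and reading net_address plus net_mask as an IPv4 network is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Content of webserver_dict.xml as shown in the note above.
DICT_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
    <provider engine_id="128" name="Teldat">
        <app id="1" name="Web Server Test 1" version="1">
            <fqdn_list>
                <fqdn>webserver.com</fqdn>
            </fqdn_list>
        </app>
        <app id="2" name="Web Server Test 2" version="1">
            <address_list>
                <range id="1">
                    <net_address>10.215.168.1</net_address>
                    <net_mask>255.255.255.0</net_mask>
                </range>
            </address_list>
        </app>
    </provider>
</proxy_settings>
"""


@dataclass(frozen=True)
class App:
    engine_id: int
    app_id: int
    name: str
    fqdns: tuple
    networks: tuple

    @property
    def token(self):
        # Form seen in the journal output on this page, e.g. "U128:1".
        return f"U{self.engine_id}:{self.app_id}"


def load_dictionary(data: bytes) -> dict:
    """Parse a provider dictionary and index its apps by journal token."""
    # A dictionary file needs no DTD; refusing one avoids entity-expansion tricks.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DOCTYPE/ENTITY declarations are not accepted")
    root = ET.fromstring(data)
    if root.tag != "proxy_settings":
        raise ValueError(f"unexpected root element {root.tag!r}")
    apps = {}
    for provider in root.findall("provider"):
        engine_id = int(provider.attrib["engine_id"])
        for node in provider.findall("app"):
            fqdns = tuple(f.text.strip().lower()
                          for f in node.findall("fqdn_list/fqdn") if f.text)
            # Assumption: net_address + net_mask describe an IPv4 network.
            networks = tuple(
                ipaddress.ip_network(
                    f"{r.findtext('net_address').strip()}/{r.findtext('net_mask').strip()}",
                    strict=False)
                for r in node.findall("address_list/range"))
            if not fqdns and not networks:
                raise ValueError(f"app {node.get('id')} has no match criteria")
            app = App(engine_id, int(node.attrib["id"]), node.get("name", ""),
                      fqdns, networks)
            if app.token in apps:
                raise ValueError(f"duplicate entry for {app.token}")
            apps[app.token] = app
    return apps


def describe(token: str, apps: dict) -> str:
    """Turn a journal token into a readable label for log review."""
    app = apps.get(token)
    if app is None:
        return f"{token}: not defined in this dictionary"
    criteria = list(app.fqdns) + [str(n) for n in app.networks]
    return f"{token}: {app.name} ({', '.join(criteria)})"


if __name__ == "__main__":
    table = load_dictionary(DICT_XML)
    for tok in ("U128:1", "U128:2", "U6:1"):
        print(describe(tok, table))
```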

Match Traffic Using Remote Dictionary

Description

This scenario shows how to match traffic using a remote dictionary with category and reputation selectors.

Phase 1: Override mode - match by category

Phase 2: Override mode - match by reputation (greater-than, equal, less-than)

Phase 3: Chained mode - match by category

Phase 4: Chained mode - match by reputation (greater-than, equal, less-than)

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+Jjd0ZEQq00xZ0bP5ovK+bCa06bcdCPvk=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1/p4t2lxWWikeTQsV14B50c+6Dobmiqp3UkxfLJ7Wk9ubxbqARarw2S
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.267 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.267/0.267/0.267/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 5: Run command system journal clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U130:7 http-host:enterprise.opentok.com
Output:
Jun 04 14:32:32.540941 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3423 DF PROTO=TCP SPT=80 DPT=57302 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:32:32.540980 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=3424 DF PROTO=TCP SPT=80 DPT=57302 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:32:32.544355 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=3425 DF PROTO=TCP SPT=80 DPT=57302 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]

Step 8: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 9: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 10: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 11: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX1+6KomXMDUSuVm9jPhX3mOCuasoGAHZBus=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+P9lAPpFh3ReZwUx9cDqAFH9X7aiUT56/1GZkUymQXzF29aXnZQgz8
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 12: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.504 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.504/0.504/0.504/0.000 ms

Step 13: Run command system journal clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 15: Run command system journal clear at DUT0.

Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Jun 04 14:32:39.888362 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=61077 DF PROTO=TCP SPT=80 DPT=40932 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:39.888411 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=61078 DF PROTO=TCP SPT=80 DPT=40932 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:39.888422 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=61079 DF PROTO=TCP SPT=80 DPT=40932 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 18: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 19: Run command system journal clear at DUT0.

Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 21: Run command system journal clear at DUT0.

Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Jun 04 14:32:43.332362 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=17829 DF PROTO=TCP SPT=80 DPT=40942 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:43.332403 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=17830 DF PROTO=TCP SPT=80 DPT=40942 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:43.332412 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=17831 DF PROTO=TCP SPT=80 DPT=40942 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 24: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 25: Run command system journal clear at DUT0.

Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 27: Run command system journal clear at DUT0.

Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
Output:
Jun 04 14:32:46.844363 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34341 DF PROTO=TCP SPT=80 DPT=40948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:46.844410 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34342 DF PROTO=TCP SPT=80 DPT=40948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:46.844420 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=34343 DF PROTO=TCP SPT=80 DPT=40948 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 30: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 31: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 32: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 33: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1/iXRgIsQiykNCowcdCEpbwMnbdH61yLtY=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19o45iLaoEFWNgKvA+mAFuyRBOgDW04a6xrfsu1cV+EjaXFWZqJ8V0Z
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18WfVDJg8pXm6UL6fPFD8A0zMOU68WJRmI=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1+HoQ0Js53q/mVAGdb9SXycigYaefBVSFy/Puyz++3cmMCbdYrBrgZD
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id category 7
set traffic selector SEL rule 1 app-detect state detected

Step 34: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.236 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.236/0.236/0.236/0.000 ms

Step 35: Run command system journal clear at DUT0.

Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 37: Run command system journal clear at DUT0.

Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:32:55.136360 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28931 DF PROTO=TCP SPT=80 DPT=36862 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:55.136399 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=28932 DF PROTO=TCP SPT=80 DPT=36862 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:32:55.136409 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28933 DF PROTO=TCP SPT=80 DPT=36862 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 40: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 41: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 42: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 43: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX1+07j/n6l+DCgSwgyHfC4nyv3PLGaiKEbI=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX1831ZaxPn8nX5o7iXiYIN3FcqU2BpAIgj3ytdLrNEVq5iD/PIjClRM3
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19z5ot5FWpPdW7uWdQmOWdKW4tz7HHsl3o=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18KddJpZ+3fXGvuP0/H8fUy6lPB2VGMkr+mwj1XZ4Puns2maVW3lXDg
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 44: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.423 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.423/0.423/0.423/0.000 ms

Step 45: Run command system journal clear at DUT0.

Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 47: Run command system journal clear at DUT0.

Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:33:03.197752 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18382 DF PROTO=TCP SPT=80 DPT=59674 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:33:03.197798 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=18383 DF PROTO=TCP SPT=80 DPT=59674 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:33:03.200365 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18384 DF PROTO=TCP SPT=80 DPT=59674 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 50: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 51: Run command system journal clear at DUT0.

Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 53: Run command system journal clear at DUT0.

Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:33:06.660369 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=20230 DF PROTO=TCP SPT=80 DPT=59690 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:33:06.660416 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=20231 DF PROTO=TCP SPT=80 DPT=59690 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:33:06.660426 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=20232 DF PROTO=TCP SPT=80 DPT=59690 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]

Step 56: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 57: Run command system journal clear at DUT0.

Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 59: Run command system journal clear at DUT0.

Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:33:10.264359 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=29099 DF PROTO=TCP SPT=80 DPT=49908 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:33:10.264418 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=29100 DF PROTO=TCP SPT=80 DPT=49908 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:33:10.264432 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=29101 DF PROTO=TCP SPT=80 DPT=49908 WINDOW=508 RES=0x00 ACK FIN URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
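
The regular expressions in Steps 49, 55 and 61 spell out both orderings of U130:7 and U131:88 because the order of the pairs inside APPDETECT[...] differs between runs. The following added example (not part of the original documentation) parses the field into a set so the check is order-independent, compares the host exactly, and applies the greater-than / equal / less-than comparisons used by the selector. It assumes, from the log lines on this page, that U131 is the engine carrying the reputation value; the sample lines are constructed in the page's journal format and the function names are hypothetical.

```python
import operator
import re
from typing import NamedTuple, Optional

# Constructed sample in the journal format shown on this page (MAC and some
# header fields omitted; ports and APPDETECT fields follow the page's output).
SAMPLE = """\
Jun 04 14:33:03.197752 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=59674 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:33:06.660369 osdx kernel: [POL-1] ACCEPT IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=59690 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:33:37.346379 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=443 DPT=57060 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:43.178558 osdx kernel: [POL-1] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=46024 APPDETECT[L4:80 http-host:newserver.com]
"""

LINE_RE = re.compile(
    r"\[(?P<rule>[^\]]+)\] (?P<verdict>ACCEPT|DROP) .*?"
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) .*?"
    r"APPDETECT\[(?P<ids>[^\s\]]*)(?: (?P<kind>[\w-]+):(?P<host>[^\s\]]+))?\]"
)

# Comparison names as written in "app-id reputation <op> <value>".
OPS = {"greater-than": operator.gt, "equal": operator.eq, "less-than": operator.lt}


class Record(NamedTuple):
    rule: str                  # policy rule tag, e.g. "POL-1"
    verdict: str               # "ACCEPT" or "DROP"
    flow: tuple                # (SPT, DPT) of the logged packet
    ids: frozenset             # {("U130", 7), ("L4", 80), ...}
    host_kind: Optional[str]   # "http-host" or "ssl-host"
    host: Optional[str]


def parse_ids(field):
    """Turn 'L3:6;L4:80;U130:7' into a frozenset of (engine, value) pairs."""
    pairs = set()
    for token in filter(None, field.split(";")):
        engine, sep, value = token.partition(":")
        if sep and re.fullmatch(r"-?\d+", value):
            pairs.add((engine, int(value)))
    return frozenset(pairs)


def parse_line(line):
    """Parse one journal line; return None if it has no APPDETECT field."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return Record(m["rule"], m["verdict"], (int(m["spt"]), int(m["dpt"])),
                  parse_ids(m["ids"]), m["kind"], m["host"])


def has_tokens(rec, expected_ids, host_kind, host):
    """Order-independent form of the regex check in the steps above.

    expected_ids uses the log syntax, e.g. "U130:7;U131:88". The host is
    compared exactly; a regex with unescaped dots and no end anchor would
    also accept a longer name that merely starts with the expected host.
    """
    return (parse_ids(expected_ids) <= rec.ids
            and rec.host_kind == host_kind and rec.host == host)


def id_compare(rec, engine, op, value):
    """True if a value logged for `engine` satisfies `<op> value`."""
    return any(OPS[op](v, value) for e, v in rec.ids if e == engine)


def verdicts_by_host(lines):
    """Map (host_kind, host) -> set of verdicts logged for that host, so a
    DROP is tied to the host under test rather than to any line in the grep."""
    out = {}
    for rec in filter(None, map(parse_line, lines)):
        out.setdefault((rec.host_kind, rec.host), set()).add(rec.verdict)
    return out


if __name__ == "__main__":
    for rec in filter(None, map(parse_line, SAMPLE.splitlines())):
        print(rec.verdict, rec.flow, sorted(rec.ids), rec.host_kind, rec.host)
    print(verdicts_by_host(SAMPLE.splitlines()))
```

Grouping verdicts by host also separates late retransmissions of an earlier HTTP flow from the HTTPS flow being checked, which can share one journal after a clear.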

Drop Traffic Not Matching Custom Dictionary

Description

This scenario shows how to drop traffic not matching a custom dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 custom app-id 1 fqdn webserver.com
set system conntrack app-detect dictionary 1 custom app-id 2 fqdn 10.215.168.2
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id custom -1

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.161 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.161/0.161/0.161/0.000 ms

Step 3: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:80 http-host:newserver.com
DROP
Output:
Jun 04 14:33:16.926382 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=58170 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:16.926428 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58171 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.126396 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58172 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.126497 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58173 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.330078 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58174 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.334375 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58175 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.742378 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58176 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:17.758380 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58177 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:18.570520 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58178 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:18.594377 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58179 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:20.202554 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58180 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:20.226016 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58181 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:23.470385 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58182 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:23.613862 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58183 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:30.122574 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58184 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:30.273608 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58185 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]

Step 6: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:443 ssl-host:newserver.com
DROP
Output:
Jun 04 14:33:37.346379 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=17742 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.350369 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=17743 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.354438 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=17745 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.546558 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17746 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.558377 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=17747 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.750557 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17748 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:37.981329 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=17749 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:38.154565 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17750 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:38.814382 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=17751 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:38.986608 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17752 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:40.445291 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=17753 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:40.618539 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17754 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:43.178558 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=58186 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:43.325140 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=58187 DF PROTO=TCP SPT=80 DPT=46024 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:43.837223 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=17755 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:33:43.946540 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=17756 DF PROTO=TCP SPT=443 DPT=57060 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]

Drop Traffic Not Matching Provider Dictionary

Description

This scenario shows how to drop traffic not matching a provider dictionary.

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name newserver.com inet 10.215.168.1
set service dns static host-name webserver.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 filename 'running://webserver_dict.xml'
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set traffic policy POL rule 1 action drop
set traffic policy POL rule 1 log app-id
set traffic policy POL rule 1 selector SEL
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id engine 128

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.686 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.686/0.686/0.686/0.000 ms

Note

The file webserver_dict.xml contains an XML dictionary with the following content:

<?xml version="1.0" encoding="UTF-8"?>
<proxy_settings updated="10/12/25" version="2">
    <provider engine_id="128" name="Teldat">
        <app id="1" name="Web Server Test 1" version="1">
            <fqdn_list>
                <fqdn>webserver.com</fqdn>
            </fqdn_list>
        </app>
        <app id="2" name="Web Server Test 2" version="1">
            <address_list>
                <range id="1">
                    <net_address>10.215.168.1</net_address>
                    <net_mask>255.255.255.0</net_mask>
                </range>
            </address_list>
        </app>
    </provider>
</proxy_settings>

Step 3: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 4: Run command file copy http://newserver.com running://index.html force at DUT0.

Step 5: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:80 http-host:newserver.com
DROP
Output:
Jun 04 14:33:55.020423 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21576 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.020484 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21577 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.220619 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21578 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.222683 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21579 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.424615 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21580 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.426652 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21581 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.832579 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21582 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:55.850681 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21583 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:56.664636 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21584 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:56.682710 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21585 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:58.296592 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21586 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:33:58.318647 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21587 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:01.560599 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21588 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:01.706520 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21589 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:08.216584 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21590 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:08.366271 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21591 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]

Step 6: Run command system journal clear at DUT0.

Warning

The following download operation should fail:

Step 7: Run command file copy https://newserver.com running://index.html force at DUT0.

Step 8: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

L4:443 ssl-host:newserver.com
DROP
Output:
Jun 04 14:34:15.400420 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=39587 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:15.404418 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=2313 TOS=0x00 PREC=0x00 TTL=64 ID=39588 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:15.412445 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=865 TOS=0x00 PREC=0x00 TTL=64 ID=39590 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:15.600623 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39591 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:15.617990 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=39592 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:15.804593 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39593 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:16.041991 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=39594 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:16.220430 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39595 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:16.877975 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=39596 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:17.048640 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39597 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:18.509900 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=39598 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:18.680585 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39599 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:21.276422 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=21592 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:21.417797 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=21593 DF PROTO=TCP SPT=80 DPT=43934 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:newserver.com]
Jun 04 14:34:21.933762 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=39600 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]
Jun 04 14:34:22.044418 osdx kernel: [POL-1] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=39601 DF PROTO=TCP SPT=443 DPT=53290 WINDOW=506 RES=0x00 ACK URGP=0 APPDETECT[L4:443 ssl-host:newserver.com]

Drop Traffic Not Matching Remote Dictionary

Description

This scenario shows how to drop traffic not matching a remote dictionary category or reputation.

Phase 1: Override mode - drop by not matching category

Phase 2: Override mode - drop by reputation (greater-than, equal, less-than)

Phase 3: Chained mode - drop by not matching category

Phase 4: Chained mode - drop by reputation (greater-than, equal, less-than)

Scenario

Step 1: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19RJ/EVD5VFCGCCNZeMvOo0fb7mRBqygZ8=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX199aOW4bh0uWtuGYOjkJvfLsWbmE7AwaEbhTTqf3VlOByzaKY4/KDLD
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15

Step 2: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.562 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.562/0.562/0.562/0.000 ms

Step 3: Run command system journal clear at DUT0.

Step 4: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 5: Run command system journal clear at DUT0.

Step 6: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 7: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U130:7 http-host:enterprise.opentok.com
DROP
Output:
Jun 04 14:34:56.148908 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=55584 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.148949 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55585 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.349094 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55586 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.352915 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55587 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.553101 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55588 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.556909 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55589 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.968957 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55590 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:56.981012 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55591 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:57.800909 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55592 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:57.813038 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55593 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:59.428848 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55594 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:34:59.448918 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55595 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:35:00.100916 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=18954 DF PROTO=TCP SPT=80 DPT=39952 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com]
Jun 04 14:35:00.213202 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=18955 DF PROTO=TCP SPT=80 DPT=39952 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L4:80 http-host:enterprise.opentok.com]
Jun 04 14:35:02.660725 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55596 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:35:02.773086 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55597 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:35:09.316522 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=55598 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]
Jun 04 14:35:09.429113 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=55599 DF PROTO=TCP SPT=80 DPT=52396 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7 http-host:enterprise.opentok.com]

Step 8: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 9: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 10: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 11: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX18ObLbYLJfqPhRZOp2ze9q8TWoQMZVKZE4=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX18Z9YUPqiQS37Vw8QHSqVq7mwpBzoJO2XgrLE504GMy3SbrhAYZ+Mt9
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 12: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.204 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.204/0.204/0.204/0.000 ms

Step 13: Run command system journal clear at DUT0.

Step 14: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 15: Run command system journal clear at DUT0.

Step 16: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 17: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Jun 04 14:35:24.360914 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=42539 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:24.360981 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42540 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:24.564927 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42541 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:24.571979 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42542 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:24.765120 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42543 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:24.779909 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42544 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:25.173112 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42545 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:25.223899 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42546 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:26.005138 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42547 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:26.051896 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42548 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:27.637116 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42549 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:27.715821 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42550 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:30.936920 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42551 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:31.075709 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42552 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:37.589121 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=42553 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:35:37.735458 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=42554 DF PROTO=TCP SPT=80 DPT=49814 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 18: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 19: Run command system journal clear at DUT0.

Step 20: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 21: Run command system journal clear at DUT0.

Step 22: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 23: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Jun 04 14:36:08.072909 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=63600 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.072951 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63601 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.273072 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63602 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.280907 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63603 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.477073 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63604 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.490222 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63605 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.885082 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63606 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:08.934238 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63607 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:09.717098 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63608 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:09.762192 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63609 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:11.349138 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63610 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:11.426254 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63611 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:12.149124 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=50858 DF PROTO=TCP SPT=80 DPT=56656 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:12.546121 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=50859 DF PROTO=TCP SPT=80 DPT=56656 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:14.709087 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63612 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:14.850051 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63613 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:21.365071 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=63614 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:21.505840 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=63615 DF PROTO=TCP SPT=80 DPT=50842 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 24: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 25: Run command system journal clear at DUT0.

Step 26: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 27: Run command system journal clear at DUT0.

Step 28: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 29: Run command system journal show | grep APPDETECT at DUT0 and check if output contains the following tokens:

U131:88 http-host:enterprise.opentok.com
DROP
Output:
Jun 04 14:36:51.640911 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=23196 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:51.640957 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23197 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:51.841184 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23198 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:51.844608 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23199 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:52.045100 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23200 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:52.052909 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23201 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:52.472917 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23202 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:52.480911 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23203 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:53.301133 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23204 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:53.312908 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23205 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:54.936926 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23206 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:54.976578 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23207 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:55.669165 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=38470 DF PROTO=TCP SPT=80 DPT=42946 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:56.064515 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=38471 DF PROTO=TCP SPT=80 DPT=42946 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:58.229146 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23208 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:36:58.368450 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23209 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:04.885091 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=23210 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:05.024199 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=23211 DF PROTO=TCP SPT=80 DPT=34600 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U131:88 http-host:enterprise.opentok.com]

Step 30: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 31: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 32: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 33: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX19w30HS4Vo5EJgU9ozlO/DTwyyd+ZlbDYo=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX182ocTRYwW6GQLlMgVkX0cNG6Pj9+WK/DJNZQmpt7Dftslp6lZrxlws
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19HtzMUIDQIg4LWuihQaHC5DIUL6IcLhn8=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/cKXv7SrCEJGdHfUaQ/aq/NP9P5Y2MKJ18xiiJoVMqAu9ZQLNAOxn4
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect state detected
set traffic selector SEL rule 1 not app-detect app-id category 15

Step 34: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.611 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.611/0.611/0.611/0.000 ms

Step 35: Run command system journal clear at DUT0.

Step 36: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 37: Run command system journal clear at DUT0.

Step 38: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 39: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expressions:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:37:40.116911 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=46828 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.116953 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46829 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.320912 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46830 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.320977 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46831 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.521085 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46832 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.524907 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46833 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.927034 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46834 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:40.952971 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46835 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:41.758830 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46836 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:41.781067 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46837 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:43.390796 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46838 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:43.413145 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46839 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:44.565107 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34235 DF PROTO=TCP SPT=80 DPT=59642 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:37:44.706716 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34236 DF PROTO=TCP SPT=80 DPT=59642 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:37:46.750652 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46840 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:46.869131 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46841 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:53.406437 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=46842 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:53.525109 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=46843 DF PROTO=TCP SPT=80 DPT=36948 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
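
Added example (not part of the vendor documentation): a Python check for the journal output of Steps 17 to 39 that parses each APPDETECT field, applies the Step 39 regular expression unchanged, and groups lines by flow so that connections logged without dictionary ids, such as DPT=59642 in the Step 39 output, stand out. The sample journal is constructed in the page's log format, the function names are hypothetical, and reading U130 as the category value and U131 as the reputation value is an assumption inferred from the outputs on this page.

```python
import operator
import re
from collections import defaultdict

# Constructed sample in the format of the Step 39 output (some fields omitted).
SAMPLE_JOURNAL = """\
Jun 04 14:37:40.116911 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36948 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:44.565107 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=59642 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:37:46.750652 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=36948 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:37:47.000000 osdx kernel: unrelated line without the app-detect field
"""

# Regular expression quoted in Step 39 of the page, unchanged.
STEP39_RE = re.compile(
    r"DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com"
)

# Policy/rule prefix, verdict, flow 4-tuple and the APPDETECT[...] field.
LINE_RE = re.compile(
    r"\[(?P<policy>[\w-]+)-(?P<rule>\d+)\] (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r".*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+) "
    r".*?APPDETECT\[(?P<ids>[^\s\]]+)(?: (?P<meta>[^\]]*))?\]"
)

# Comparison keywords used by the selectors in Steps 11, 18 and 24.
OPS = {"greater-than": operator.gt, "equal": operator.eq, "less-than": operator.lt}


def parse_line(line):
    """Return a dict for one journal line, or None if it has no APPDETECT field."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    app_ids = {}
    for item in m["ids"].split(";"):          # e.g. "L4:80" or "U131:88"
        kind, sep, value = item.partition(":")
        if sep and value.isdigit():
            app_ids[kind] = int(value)
    # Trailing "key:value" words such as http-host:<name>.
    meta = dict(p.split(":", 1) for p in (m["meta"] or "").split() if ":" in p)
    return {
        "policy": m["policy"],
        "rule": int(m["rule"]),
        "action": m["action"],
        "flow": (m["src"], int(m["spt"]), m["dst"], int(m["dpt"])),
        "app_ids": app_ids,
        "meta": meta,
    }


def logged_value_satisfies(entry, kind, op, threshold):
    """Apply a selector comparison from the page to a logged id value.

    Returns None when the line carries no id of that kind. This checks the log
    for consistency; it does not model how the device evaluates the selector.
    """
    value = entry["app_ids"].get(kind)
    return None if value is None else OPS[op](value, threshold)


def audit(journal, required_re=STEP39_RE):
    """Group APPDETECT lines by flow and count lines matching required_re."""
    flows = defaultdict(lambda: {"lines": 0, "matched": 0, "ids": set()})
    for line in journal.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        stats = flows[entry["flow"]]
        stats["lines"] += 1
        stats["matched"] += bool(required_re.search(line))
        stats["ids"].update(entry["app_ids"].items())
    return dict(flows)


def flows_missing_dictionary_ids(report, kinds=("U130", "U131")):
    """Flows whose lines never carried any of the given id kinds.

    Assumption: U130/U131 are the ids contributed by the two remote
    dictionaries (category and reputation), as inferred from the page's output.
    """
    wanted = set(kinds)
    return sorted(
        flow for flow, stats in report.items()
        if not {kind for kind, _ in stats["ids"]} & wanted
    )


if __name__ == "__main__":
    report = audit(SAMPLE_JOURNAL)
    for flow, stats in sorted(report.items()):
        print(flow, stats["lines"], stats["matched"], sorted(stats["ids"]))
    print("flows without dictionary ids:", flows_missing_dictionary_ids(report))
```

To run it against a real capture, save the output of `system journal show | grep APPDETECT` to a file and pass its contents to `audit()`.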

Step 40: Clean all the configuration in DUT0:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 41: Clean all the configuration in DUT1:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 42: Clean all the configuration in DUT2:

delete
set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0

Step 43: Set the following configuration in DUT0:

set interfaces ethernet eth0 address 10.215.168.64/24
set service dns static host-name enterprise.opentok.com inet 10.215.168.1
set system conntrack app-detect app-id-storage chained
set system conntrack app-detect dictionary 1 remote encrypted-key U2FsdGVkX18jVLokKufphO3AaY3widx6AD0ocgZXkZA=
set system conntrack app-detect dictionary 1 remote encrypted-url U2FsdGVkX19P4wLmdBXTAW43FPylf9YRhLzALjNTBWV0VgGl5stLRfdKaWTHEdGt
set system conntrack app-detect dictionary 1 remote mark 5555
set system conntrack app-detect dictionary 1 remote property category
set system conntrack app-detect dictionary 1 remote ssl-allow-insecure
set system conntrack app-detect dictionary 2 remote encrypted-key U2FsdGVkX19UKW/nzIHUliOZSlJOOTplMpYM48reSXA=
set system conntrack app-detect dictionary 2 remote encrypted-url U2FsdGVkX1/bggEhWExaNK86z9Gv5mUneV5o/F/YGh7oS6P58Jm1W27ykLf5C1E8
set system conntrack app-detect dictionary 2 remote mark 5555
set system conntrack app-detect dictionary 2 remote property reputation
set system conntrack app-detect dictionary 2 remote ssl-allow-insecure
set system conntrack app-detect enable_dict_match_priv_ip
set system conntrack app-detect http-host
set system conntrack app-detect ssl-host
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system traffic policy in POL
set system traffic policy out POL_OUT
set traffic policy POL rule 1 selector RDICT
set traffic policy POL rule 2 action drop
set traffic policy POL rule 2 log app-id
set traffic policy POL rule 2 selector SEL
set traffic policy POL_OUT rule 1 copy mark connmark
set traffic selector RDICT rule 1 connmark 5555
set traffic selector SEL rule 1 app-detect app-id reputation greater-than 50
set traffic selector SEL rule 1 app-detect state detected

Step 44: Ping IP address 10.215.168.1 from DUT0:

admin@DUT0$ ping 10.215.168.1 count 1 size 56 timeout 1
Output:
PING 10.215.168.1 (10.215.168.1) 56(84) bytes of data.
64 bytes from 10.215.168.1: icmp_seq=1 ttl=64 time=0.151 ms

--- 10.215.168.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.151/0.151/0.151/0.000 ms

Step 45: Run command system journal clear at DUT0.

Step 46: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 47: Run command system journal clear at DUT0.

Step 48: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 49: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expression:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:38:09.392930 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=27948 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:09.392982 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27949 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:09.593061 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27950 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:09.597721 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27951 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:09.797075 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27952 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:09.805721 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27953 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:10.229071 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27954 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:10.241671 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27955 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:11.061077 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27956 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:11.069677 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27957 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:12.693170 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27958 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:12.733672 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27959 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:16.053068 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27960 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:16.189671 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27961 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:22.709063 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=27962 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:22.849304 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=27963 DF PROTO=TCP SPT=80 DPT=59388 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]

Step 50: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation greater-than
set traffic selector SEL rule 1 app-detect app-id reputation equal 88

Step 51: Run command system journal clear at DUT0.

Step 52: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 53: Run command system journal clear at DUT0.

Step 54: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 55: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expression:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:38:52.856910 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=10379 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:52.856961 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10380 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.057074 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10381 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.064087 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10382 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.261189 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10383 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.272183 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10384 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.685103 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10385 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:53.692080 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10386 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:54.517129 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10387 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:54.528107 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10388 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:56.149088 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10389 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:56.188026 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10390 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:57.013104 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=34282 DF PROTO=TCP SPT=80 DPT=33334 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:57.152005 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=34283 DF PROTO=TCP SPT=80 DPT=33334 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:59.573113 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10391 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:38:59.707961 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10392 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:06.229087 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=10393 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:06.363629 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=10394 DF PROTO=TCP SPT=80 DPT=48152 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]

Step 56: Modify the following configuration lines in DUT0:

delete traffic selector SEL rule 1 app-detect app-id reputation equal
set traffic selector SEL rule 1 app-detect app-id reputation less-than 100

Step 57: Run command system journal clear at DUT0.

Step 58: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 59: Run command system journal clear at DUT0.

Step 60: Run command file copy http://enterprise.opentok.com running://index.html force at DUT0.

Step 61: Run command system journal show | grep APPDETECT at DUT0 and check if output matches the following regular expression:

DROP.*.*(?:U130:7;U131:88|U131:88;U130:7).*http-host:enterprise.opentok.com
Output:
Jun 04 14:39:36.392910 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=51510 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:36.392948 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51511 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:36.593091 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51512 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:36.600919 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51513 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:36.797163 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51514 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:36.808910 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51515 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:37.205066 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51516 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:37.242496 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51517 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:38.037102 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51518 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:38.076917 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51519 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:39.669074 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51520 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:39.738424 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51521 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:40.533098 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=26626 DF PROTO=TCP SPT=80 DPT=38634 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:40.926398 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=26627 DF PROTO=TCP SPT=80 DPT=38634 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:43.096915 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51522 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:43.230303 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51523 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:49.752920 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=51524 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:39:49.882043 osdx kernel: [POL-2] DROP IN=eth0 OUT= MAC=de:ad:be:ef:6c:00:fe:22:0e:3f:29:f8:08:00 SRC=10.215.168.1 DST=10.215.168.64 LEN=251 TOS=0x00 PREC=0x00 TTL=64 ID=51525 DF PROTO=TCP SPT=80 DPT=56698 WINDOW=508 RES=0x00 ACK PSH URGP=0 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
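
The journal checks in Steps 49, 55 and 61 can also be done by parsing the APPDETECT field instead of matching token order with a regular expression. The following is an added example, not part of the OSDx documentation: the function names are hypothetical, the sample lines are constructed (shortened from the output format above), and treating U131 as the reputation value is an assumption inferred from the `equal 88` selector in Step 50.

```python
import operator
import re

# Constructed sample: three journal lines shortened from the format shown above.
SAMPLE_JOURNAL = """\
Jun 04 14:38:09.392930 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=59388 APPDETECT[L3:6;L4:80;U130:7;U131:88 http-host:enterprise.opentok.com]
Jun 04 14:38:52.856910 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=48152 APPDETECT[U130:7;U131:88;L3:6;L4:80 http-host:enterprise.opentok.com]
Jun 04 14:37:44.706716 osdx kernel: [POL-2] DROP IN=eth0 OUT= SRC=10.215.168.1 DST=10.215.168.64 PROTO=TCP SPT=80 DPT=59642 APPDETECT[L3:6;L4:80 http-host:enterprise.opentok.com]
"""

# "[<policy>-<rule>] <ACTION> ... APPDETECT[<ids> <key:value ...>]"
EVENT_RE = re.compile(
    r"\[(?P<policy>[^\]]+)-(?P<rule>\d+)\]\s+(?P<action>[A-Z]+)\s"
    r".*APPDETECT\[(?P<body>[^\]]*)\]"
)
APP_ID_RE = re.compile(r"^([LU]\d+):(\d+)$")

# Comparison keywords used by the selector lines in Steps 43, 50 and 56.
OPS = {"greater-than": operator.gt, "equal": operator.eq, "less-than": operator.lt}


def parse_line(line):
    """Return the policy, rule, action, app-ids and attributes of one line."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    app_ids, attrs = {}, {}
    for token in re.split(r"[;\s]+", m["body"].strip()):
        id_match = APP_ID_RE.match(token)
        if id_match:
            app_ids[id_match[1]] = int(id_match[2])   # e.g. "U131" -> 88
        elif ":" in token:
            key, value = token.split(":", 1)          # e.g. http-host
            attrs[key] = value
    return {"policy": m["policy"], "rule": int(m["rule"]),
            "action": m["action"], "app_ids": app_ids, "attrs": attrs}


def reputation_matches(event, op, threshold, rep_key="U131"):
    """Model of the selector comparison; rep_key=U131 is an assumption.

    An event without a reputation token never satisfies the comparison.
    """
    value = event["app_ids"].get(rep_key)
    return value is not None and OPS[op](value, threshold)


def journal_has_drop(journal, host, expected_ids):
    """Order-independent form of the check: a DROP for exactly this host
    whose APPDETECT field carries every expected app-id."""
    for line in journal.splitlines():
        event = parse_line(line)
        if (event and event["action"] == "DROP"
                and event["attrs"].get("http-host") == host
                and expected_ids.items() <= event["app_ids"].items()):
            return True
    return False


if __name__ == "__main__":
    for raw in SAMPLE_JOURNAL.splitlines():
        print(parse_line(raw))
```

Comparing the parsed host as an exact string also avoids the unescaped `.` characters in the regular expression above, which match any character in those positions.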