Layer 7 attributes (App Ids) identify which application a particular packet or flow is generated by, independent of the port that is being used.

Enforcement based on App Ids enable users to allow or deny applications to run on any port, or to force applications to run on their standard port. vDPI enables matching packet payload against defined patterns, commonly referred to as signatures. Signature-based identification and enforcement, enables customers not just to match the particular application/protocol a flow belongs to, but also the version of that protocol, for example TLS version 1.0 version TLS version 1.2 or different versions of CIFS traffic. This allows customers to get visibility into or restrict the use of protocols that have known vulnerabilities for all deployed applications and their E-W flows within the datacenter.

Layer 7 App Ids are used in context profiles in distributed firewall and gateway firewall rules, and are supported on ESXi and KVM hosts.

Gateway firewall rules do not support the use of FQDN attributes or other sub attributes.

Supported App Ids and FQDNs:
  • For FQDN, users need to configure a high priority rule with a DNS App Id for the specified DNS servers on port 53.
  • ALG App Ids (FTP, ORACLE, DCERPC, TFTP), require the corresponding ALG service for the firewall rule.
  • SYSLOG App Id is detected only on standard ports.
KVM Supported App Ids and FQDNs:
  • Sub attributes are not supported on KVM.
  • FTP and TFTP ALG App Ids are supported on KVM.
Attribute (App Id) Description Type
360ANTIV 360 Safeguard is a program developed by Qihoo 360, an IT company based in China Web Services
ACTIVDIR Microsoft Active Directory Networking
AMQP Advanced Messaging Queuing Protocol is application layer protocol which supports business message communication between applications or organizations Networking
AVAST Traffic generated by browsing Avast.com official website of Avast! Antivirus downloads Web Services
AVG AVG Antivirus/Security software download and updates File Transfer
AVIRA Avira Antivirus/Security software download and updates File Transfer
BLAST A remote access protocol that compresses, encrypts, and encodes a computing experiences at a data center and transmits it across any standard IP network for VMware Horizon desktops. Remote Access
BDEFNDER BitDefender Antivirus/Security software download and updates. File Transfer
CA_CERT Certification authority (CA) issues digital certificates which certifies the ownership of a public key for message encryption Networking
CIFS CIFS (Common Internet File System) is used to provide shared access to directories, files, printers, serial ports, and miscellaneous communications between nodes on a network File Transfer
CLDAP Connectionless Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network using UDP. Networking
CTRXCGP Citrix Common Gateway Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network using UDP. Database
CTRXGOTO Hosting Citrix GoToMeeting, or similar sessions based on the GoToMeeting platform. Includes voice, video, and limited crowd management functions Collaboration
CTRXICA ICA (Independent Computing Architecture) is a proprietary protocol for an application server system, designed by Citrix Systems Remote Access
DCERPC Distributed Computing Environment / Remote Procedure Calls, is the remote procedure call system developed for the Distributed Computing Environment (DCE) Networking
DIAMETER An authentication, authorization, and accounting protocol for computer networks Networking
DHCP Dynamic Host Configuration Protocol is a protocol used management for the distribution of IP addresses within a network Networking
DNS Querying a DNS server over TCP or UDP Networking
EPIC Epic EMR is an electronic medical records application that provides patient care and healthcare information. Client Server
ESET Eset Antivirus/Security software download and updates File Transfer
FPROT F-Prot Antivirus/Security software download and updates File Transfer
FTP FTP (File Transfer Protocol) is used to transfer files from a file server to a local machine File Transfer
GITHUB Web-based Git or version control repository and Internet hosting service Collaboration
HTTP (HyperText Transfer Protocol) the principal transport protocol for the World Wide Web Web Services
HTTP2 Traffic generated by browsing websites that support the HTTP 2.0 protocol Web Services
IMAP IMAP (Internet Message Access Protocol) is an Internet standard protocol for accessing email on a remote server Mail
KASPRSKY Kaspersky Antivirus/Security software download and updates File Transfer
KERBEROS Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography Networking
LDAP LDAP (Lightweight Directory Access Protocol) is a protocol for reading and editing directories over an IP network Database
MAXDB SQL connections and queries made to a MaxDB SQL server Database
MCAFEE McAfee Antivirus/Security software download and updates File Transfer
MSSQL Microsoft SQL Server is a relational database. Database
NFS Allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed File Transfer
NNTP An Internet application protocol used for transporting Usenet news articles (netnews) between news servers, and for reading and posting articles by end user client applications. File Transfer
NTBIOSNS NetBIOS Name Service. In order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service Networking
NTP NTP (Network Time Protocol) is used for synchronizing the clocks of computer systems over the network Networking
OCSP An OCSP Responder verifying that a user's private key has not been compromised or revoked Networking
ORACLE An object-relational database management system (ORDBMS) produced and marketed by Oracle Corporation. Database
PANDA Panda Security Antivirus/Security software download and updates. File Transfer
PCOIP A remote access protocol that compresses, encrypts, and encodes a computing experiences at a data center and transmits it across any standard IP network. Remote Access
POP2 POP (Post Office Protocol) is a protocol used by local e-mail clients to retrieve e-mail from a remote server. Mail
POP3 Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Mail
RADIUS Provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service Networking
RDP RDP (Remote Desktop Protocol) provides users with a graphical interface to another computer Remote Access
RTCP RTCP (Real-Time Transport Control Protocol) is a sister protocol of the Real-time Transport Protocol (RTP). RTCP provides out-of-band control information for an RTP flow. Streaming Media
RTP RTP (Real-Time Transport Protocol) is primarily used to deliver real-time audio and video Streaming Media
RTSP RTSP (Real Time Streaming Protocol) is used for establishing and controlling media sessions between end points Streaming Media
SIP SIP (Session Initiation Protocol) is a common control protocol for setting up and controlling voice and video calls Streaming Media
SMTP SMTP (Simple Mail Transfer Protocol) An Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. Mail
SNMP SNMP (Simple Network Management Protocol) is an Internet-standard protocol for managing devices on IP networks. Network Monitoring
SSH SSH (Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. Remote Access
SSL SSL (Secure Sockets Layer) is a cryptographic protocol that provides security over the Internet. Web Services
SYMUPDAT Symantec LiveUpdate traffic, this includes spyware definitions, firewall rules, antivirus signature files, and software updates. File Transfer
SYSLOG Symantec LiveUpdate traffic, this includes spyware definitions, firewall rules, antivirus signature files, and software updates. Network Monitoring
TELNET A network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Remote Access
TFTP TFTP (Trivial File Transfer Protocol) being used to list, download, and upload files to a TFTP server like SolarWinds TFTP Server, using a client like WinAgents TFTP client. File Transfer
VNC Traffic for Virtual Network Computing. Remote Access
WINS Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. Networking