Layer 7 attributes (App IDs) identify which application a particular packet or flow is generated by, independent of the port that is being used. Using App IDs reduces north south and east west attacks by only allowing appropriate traffic across an open port.
Enforcement based on App IDs enable users to allow or deny applications to run on any port, or to force applications to run on their standard port. vDPI enables matching packet payload against defined patterns, commonly referred to as signatures. Signature-based identification and enforcement enables customers to match the particular application/protocol a flow belongs to, and the version of that protocol, for example TLS version 1.0, TLS version 1.2 or different versions of CIFS traffic. This allows you to have visibility into or restrict the use of protocols that have known vulnerabilities for all deployed applications, and their E-W flows within the datacenter.
Layer 7 App IDs are used in context profiles and L7 access profiles in distributed firewall and gateway firewall rules.
- Gateway firewall rules do not support the use of FQDN attributes or other sub attributes in context profiles.
- Context profiles are not supported on tier-0 gateway firewall policy.
- For FQDN, users need to configure a high priority rule with a DNS App ID for the specified DNS servers on port 53.
- SYSLOG App ID is detected only on standard ports.
Below is a table with the list of Basic App IDs. For Advanced App IDs see NSX Application IDs.
Attribute (App ID) | Description | Type |
---|---|---|
360ANTIV | 360 Safeguard is a program developed by Qihoo 360, an IT company based in China | Web Services |
ACTIVDIR | Microsoft Active Directory | Networking |
AMQP | Advanced Messaging Queuing Protocol is application layer protocol which supports business message communication between applications or organizations | Networking |
AVAST | Traffic generated by browsing Avast.com official website of Avast! Antivirus downloads | Web Services |
AVG | AVG Antivirus/Security software download and updates | File Transfer |
AVIRA | Avira Antivirus/Security software download and updates | File Transfer |
BLAST | A remote access protocol that compresses, encrypts, and encodes a computing experiences at a data center and transmits it across any standard IP network for VMware Horizon desktops. | Remote Access |
BDEFNDER | BitDefender Antivirus/Security software download and updates. | File Transfer |
CA_CERT | Certification authority (CA) issues digital certificates which certifies the ownership of a public key for message encryption | Networking |
CIFS | CIFS (Common Internet File System) is used to provide shared access to directories, files, printers, serial ports, and miscellaneous communications between nodes on a network | File Transfer |
CLDAP | Connectionless Lightweight Directory Access Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network using UDP. | Networking |
CTRXCGP | Citrix Common Gateway Protocol is an application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network using UDP. | Database |
CTRXGOTO | Hosting Citrix GoToMeeting, or similar sessions based on the GoToMeeting platform. Includes voice, video, and limited crowd management functions | Collaboration |
CTRXICA | ICA (Independent Computing Architecture) is a proprietary protocol for an application server system, designed by Citrix Systems | Remote Access |
DCERPC | Distributed Computing Environment / Remote Procedure Calls, is the remote procedure call system developed for the Distributed Computing Environment (DCE) | Networking |
DIAMETER | An authentication, authorization, and accounting protocol for computer networks | Networking |
DHCP | Dynamic Host Configuration Protocol is a protocol used management for the distribution of IP addresses within a network | Networking |
DNS | Querying a DNS server over TCP or UDP | Networking |
EPIC | Epic EMR is an electronic medical records application that provides patient care and healthcare information. | Client Server |
ESET | Eset Antivirus/Security software download and updates | File Transfer |
FPROT | F-Prot Antivirus/Security software download and updates | File Transfer |
FTP | FTP (File Transfer Protocol) is used to transfer files from a file server to a local machine | File Transfer |
GITHUB | Web-based Git or version control repository and Internet hosting service | Collaboration |
HTTP | (HyperText Transfer Protocol) the principal transport protocol for the World Wide Web | Web Services |
HTTP2 | Traffic generated by browsing websites that support the HTTP 2.0 protocol | Web Services |
IMAP | IMAP (Internet Message Access Protocol) is an Internet standard protocol for accessing email on a remote server | |
KASPRSKY | Kaspersky Antivirus/Security software download and updates | File Transfer |
KERBEROS | Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography | Networking |
LDAP | LDAP (Lightweight Directory Access Protocol) is a protocol for reading and editing directories over an IP network | Database |
MAXDB | SQL connections and queries made to a MaxDB SQL server | Database |
MCAFEE | McAfee Antivirus/Security software download and updates | File Transfer |
MSSQL | Microsoft SQL Server is a relational database. | Database |
NFS | Allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed.
Note: NFS version 4 is not a supported attribute.
|
File Transfer |
NNTP | An Internet application protocol used for transporting Usenet news articles (netnews) between news servers, and for reading and posting articles by end user client applications. | File Transfer |
NTBIOSNS | NetBIOS Name Service. In order to start sessions or distribute datagrams, an application must register its NetBIOS name using the name service | Networking |
NTP | NTP (Network Time Protocol) is used for synchronizing the clocks of computer systems over the network | Networking |
OCSP | An OCSP Responder verifying that a user's private key has not been compromised or revoked | Networking |
ORACLE | An object-relational database management system (ORDBMS) produced and marketed by Oracle Corporation. | Database |
PANDA | Panda Security Antivirus/Security software download and updates. | File Transfer |
PCOIP | A remote access protocol that compresses, encrypts, and encodes a computing experiences at a data center and transmits it across any standard IP network. | Remote Access |
POP3 | Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. | |
RADIUS | Provides centralized Authentication, Authorization, and Accounting (AAA) management for computers to connect and use a network service | Networking |
RDP | RDP (Remote Desktop Protocol) provides users with a graphical interface to another computer | Remote Access |
RTCP | RTCP (Real-Time Transport Control Protocol) is a sister protocol of the Real-time Transport Protocol (RTP). RTCP provides out-of-band control information for an RTP flow. | Streaming Media |
RTP | RTP (Real-Time Transport Protocol) is primarily used to deliver real-time audio and video | Streaming Media |
RTSP | RTSP (Real Time Streaming Protocol) is used for establishing and controlling media sessions between end points | Streaming Media |
SIP | SIP (Session Initiation Protocol) is a common control protocol for setting up and controlling voice and video calls | Streaming Media |
SMTP | SMTP (Simple Mail Transfer Protocol) An Internet standard for electronic mail (e-mail) transmission across Internet Protocol (IP) networks. | |
SNMP | SNMP (Simple Network Management Protocol) is an Internet-standard protocol for managing devices on IP networks. | Network Monitoring |
SSH | SSH (Secure Shell) is a network protocol that allows data to be exchanged using a secure channel between two networked devices. | Remote Access |
SSL | SSL (Secure Sockets Layer) is a cryptographic protocol that provides security over the Internet. | Web Services |
SYMUPDAT | Symantec LiveUpdate traffic, this includes spyware definitions, firewall rules, antivirus signature files, and software updates. | File Transfer |
SYSLOG | SYSLOG is a protocol that allows network devices to send event messages to a logging server. | Network Monitoring |
TELNET | A network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. | Remote Access |
TFTP | TFTP (Trivial File Transfer Protocol) being used to list, download, and upload files to a TFTP server like SolarWinds TFTP Server, using a client like WinAgents TFTP client. | File Transfer |
VNC | Traffic for Virtual Network Computing. | Remote Access |
WINS | Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names. | Networking |