Observer GigaFlow


Applications

GigaFlow comes loaded with a standard set of application port and protocol definitions. Flow records are associated with application names if there is a match.

Users can define their own application names within the software and have that application ID (Appid) available within the flow record. There are 3 techniques used, applied in order:

  1. Customers can define an application profile which lets them match traffic by source/destination IP address, source/destination port, source/destination MAC address, protocol, COS and/or nested rules.
  2. They can assign their own application names to specified IP ports, i.e. create Named Applications.
  3. Or, if there are no user defined settings, the software will select the lowest port.

Configuration - Applications

Add Defined Application

  • In the New Defined Application section, specify a name, a description and select the flow object that is associated with the application.
  • Click Save to add the application.

Add Flow Object

  • Specify the flows that make up the object.

Flow Objects are defined by:

  • Name.
  • Description.
  • Device IP address (Device IP).
  • Source IP address (Src IP).
  • Source MAC address (Src MAC).
  • Source Port (Src Port).
  • Source Traffic Group.
  • Destination IP address (Dst IP).
  • Destination MAC address (Dst MAC).
  • Destination Port (Dst Port).
  • Destination Traffic Group.
  • Protocol.
  • Class of Service (COS).
  • Negate (True/False).

IP addresses, MAC addresses, Ports and Traffic Groups can also be defined as both Source/Destination.

You can add (ANDd) existing profile(s) to the new Flow Object, i.e. the new definitions are combined with the existing profile(s) and all of them must match.

You can also select alternative existing profile(s) that this new profile also maps to (ORd), i.e. the new Flow Object uses either the new definitions or the existing Flow Object definitions.

To ANDd or ORd profile(s), use the drop-down menu in the Flow Object definitions and click the +.

As an example, a printer installation at a particular location connected to a particular router can be defined by a Flow Object that consists of:

  • A printer Flow Object.
  • ANDd a location Flow Object.
  • ANDd a router Flow Object.

Or

  • The Flow Object could define the IP address of a server and the web port(s).

A second Flow Object can be defined that will have its flow checked against the Allowed profile; this is an Entry profile.
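The three-step lookup order from the top of this page, with Flow Objects combined by ANDd/ORd and Negate as in the printer example, sketched in Python. This is an added example, not GigaFlow code: the field names, the reading of Negate as inverting an object's own fields, checking the lower port first in step 2, and the `port-N` fallback label are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class FlowObject:
    name: str
    device_ip: Optional[str] = None   # exact address of the exporting device
    src_ip: Optional[str] = None      # CIDR
    dst_ip: Optional[str] = None      # CIDR
    dst_port: Optional[int] = None
    protocol: Optional[int] = None    # IP protocol number
    negate: bool = False
    and_with: list = field(default_factory=list)  # ANDd profiles
    or_with: list = field(default_factory=list)   # ORd profiles

    def matches(self, flow: dict) -> bool:
        own = (
            (self.device_ip is None or flow["device_ip"] == self.device_ip)
            and (self.src_ip is None or ip_address(flow["src_ip"]) in ip_network(self.src_ip))
            and (self.dst_ip is None or ip_address(flow["dst_ip"]) in ip_network(self.dst_ip))
            and (self.dst_port is None or flow["dst_port"] == self.dst_port)
            and (self.protocol is None or flow["protocol"] == self.protocol)
        )
        if self.negate:  # assumption: Negate inverts this object's own fields
            own = not own
        if own and all(o.matches(flow) for o in self.and_with):
            return True
        return any(o.matches(flow) for o in self.or_with)

def classify(flow, defined_apps, named_apps):
    for app_name, obj in defined_apps:  # 1. application profiles (Flow Objects)
        if obj.matches(flow):
            return app_name
    for port in sorted((flow["src_port"], flow["dst_port"])):  # 2. Named Applications
        if (flow["protocol"], port) in named_apps:
            return named_apps[(flow["protocol"], port)]
    return f"port-{min(flow['src_port'], flow['dst_port'])}"  # 3. lowest port

# Constructed sample data: printer ANDd location ANDd router, as in the text.
printer = FlowObject("printer", dst_port=9100, protocol=6)
location = FlowObject("location", src_ip="10.20.0.0/16")
router = FlowObject("router", device_ip="192.0.2.1")
site_printer = FlowObject("site-printer", and_with=[printer, location, router])
DEFINED = [("Site printing", site_printer)]
NAMED = {(6, 8443): "Admin console"}

def flow(device, src, sport, dst, dport, proto=6):
    return {"device_ip": device, "src_ip": src, "src_port": sport,
            "dst_ip": dst, "dst_port": dport, "protocol": proto}
```

A flow seen through a different router fails the ANDd router object, so it falls through to the Named Application and lowest-port steps, which is a quick way to check that a profile is as narrow as intended.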

Add Protocol/Port Application

To add a protocol or port application, click the Add protocol/port application icon and enter:

  • Name: Name of the application.
  • Protocol: the network protocol associated with the application.
  • Port: the port number associated with the application.

Click Save.

Existing Defined Application

Already defined applications are listed here. Existing applications can be edited to associate icons.

Existing Flow Objects

Already defined flow objects are listed here.

Existing Protocol/Port Applications

Already defined protocol/port applications are listed here. Existing protocol/port applications can be edited to associate icons.