Getting started with Network Application elements
Network Application elements provide a way to dynamically identify traffic patterns related to the use of a particular network application.
Network Application elements let you identify traffic more flexibly than a Service element, which only specifies a network protocol and ports for TCP and UDP traffic. Matching is based on the payload of the packets, so the protocol can be identified even when non-standard ports are used. The protocol is identified first, and then a protocol-specific pattern matching context is applied to identify the network application.
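The two-stage matching described above (identify the protocol from the payload, then apply a protocol-specific context to find the application) can be sketched in Python. This is an added illustration, not the engine's implementation; the signature table, host names and sample payloads are constructed.

```python
import struct

# Constructed data (hypothetical names): signature table, ClientHello with SNI, HTTP request.
APP_PATTERNS = {"TLS": {"files.example.test": "Example-File-Sharing"},
                "HTTP": {"video.example.test": "Example-Video"}}
SAMPLE_TLS = (bytes.fromhex("160301004a 01000046 0303") + bytes(32)
              + bytes.fromhex("00 0002 1301 0100 001b 0000 0017 0015 00 0012")
              + b"files.example.test")
SAMPLE_HTTP = b"GET /watch HTTP/1.1\r\nHost: video.example.test:8080\r\n\r\n"

def identify_protocol(payload):
    """Stage 1: recognize the protocol from payload bytes, not from the port."""
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
        return "TLS"                       # handshake record carrying a ClientHello
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.split(b" ")[0] in (b"GET", b"POST", b"HEAD", b"PUT") and b" HTTP/1." in first_line:
        return "HTTP"
    return None

def tls_server_name(payload):
    """Stage 2, TLS context: walk the ClientHello to the server_name extension."""
    try:
        pos = 5 + 4 + 2 + 32               # record hdr, handshake hdr, version, random
        pos += 1 + payload[pos]            # session ID
        pos += 2 + struct.unpack_from("!H", payload, pos)[0]   # cipher suites
        pos += 1 + payload[pos]            # compression methods
        pos, end = pos + 2, pos + 2 + struct.unpack_from("!H", payload, pos)[0]
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", payload, pos)
            pos += 4
            if ext_type == 0:              # server_name: list len, type, name len, name
                n = struct.unpack_from("!H", payload, pos + 3)[0]
                return payload[pos + 5:pos + 5 + n].decode("ascii").lower()
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                               # truncated or malformed ClientHello
    return None

def http_host(payload):  # Stage 2, HTTP context: Host header without any port suffix
    for line in payload.split(b"\r\n")[1:]:
        if line.lower().startswith(b"host:"):
            return line[5:].strip().decode("ascii", "replace").lower().split(":")[0]
    return None

def classify(payload):
    """Return (protocol, application) for the first payload of a connection."""
    proto = identify_protocol(payload)
    host = {"TLS": tls_server_name, "HTTP": http_host}.get(proto, lambda p: None)(payload)
    return proto, APP_PATTERNS.get(proto, {}).get(host)
```

`classify` never takes a port argument, which is the point: the same payload yields the same result on any port, and a recognized protocol with no matching pattern returns an application of `None`.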
Keep the following in mind when working with Network Application elements:
- Several predefined Network Application elements are available that define the criteria for matching commonly used network applications. You can use Network Application elements in Access rules without any additional configuration.
- Predefined TLS Match elements are used in the properties of some predefined Network Application elements to allow the Network Application to match the use of the TLS protocol in traffic.
- You cannot edit the predefined Network Application elements. However, Access rules can override the properties of a predefined Network Application element.
- Creating Network Application elements requires detailed knowledge of the network applications you want to detect and the traffic patterns related to their use. Creating Network Application elements is not recommended.
- If a certificate for TLS inspection has been uploaded to the engine, adding a Network Application that allows or requires the use of TLS to an Access rule enables the decryption of all TLS traffic. So does enabling the logging of Application information in the Access rules.