Custom App-ID for NCAA March Madness 2017

by vsathiamoo ‎03-13-2017 05:08 PM - edited ‎03-15-2017 04:20 PM (12,815 Views)

In continuation of our tradition to publish custom apps for March Madness, the annual college basketball tournaments, we provide the following custom signatures:

 

Signature Identifies the NCAA March Madness...
ncaa2017-mml

Live landing page on PCs and mobile apps

ncaa2017-video

Live video stream for PCs and mobile devices (including replay streams)

 

 

The NCAA is streaming all the games via its March Madness Live page/app. You can use the above three custom signatures to identify this traffic and control the policies accordingly.

 

Recommended best practices

 

  1. To block the NCAA March Madness Live application/player:
      • Create a security rule to 'deny' ncaa2017-mml.
  2. To enforce QoS policing (permit the NCAA March Madness Live application but rate limit the video streams):
      • Create a security rule to 'allow' ncaa2017-mml and ncaa2017-video applications.
      • Create a QoS policy for ncaa2017-video.                                                              
  3. To simply gain visibility into the usage of March Madness Live in your traffic mix:
      • When you import the custom-defined applications to your firewall and commit, make sure the traffic is 'allowed' by the security policies.

You can use the CLI 'show session all filter application <ncaa2017-mml|ncaa2017-video>' to check all sessions matching the apps created.

 

 

Import custom apps to your firewall

 

1. On the Objects tab, under Applications, click the Import button at the bottom bar (circled below).

 

Screen Shot 2017-03-13 at 3.00.05 PM.png

 

2. Upload the custom application XMLs provided.

 

Screen Shot 2017-03-13 at 3.02.37 PM.png

 

3. Verify that the new custom app shows up in the Applications pane.

 

Screen Shot 2017-03-14 at 1.10.16 PM.png

 

 

 Anonymous Proxy tools such as Ultrasurf could be used by the end user to watch the video content. In such cases, for the firewall to identify the proxy tool, SSL decryption policy has to be configured on the firewall. Once the SSL decryption is enabled, App-ID engine will identify the proxy tools. If the security policy does not have those App-IDs whitelisted, the firewall will block the session.

  

Ask Questions Get Answers Join the Live Community