Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

App Override - should it be "instant"? Also, SFTP?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

App Override - should it be "instant"? Also, SFTP?

L3 Networker

I have some stuff that is getting mis-categorized, so I setup app-override rules.  After committing the config, if I go over to the ACC tab, should the formerly-uncategorized traffic be automatically put in the right place?  Or does the app-override only apply to future traffic after the commit?

Secondly, what is the correct application to catch SFTP (which I believe is similar to cp running inside of an SSH tunnel, as it runs on port 22)?  Should I be using the normal SSH app, or is "ssh-tunnel" correct?

2 REPLIES 2

L4 Transporter

fror the first part -App overide applies to the future traffic that matches the rule

L4 Transporter

bradenmcg wrote:

I have some stuff that is getting mis-categorized, so I setup app-override rules.  After committing the config, if I go over to the ACC tab, should the formerly-uncategorized traffic be automatically put in the right place?  Or does the app-override only apply to future traffic after the commit?

Secondly, what is the correct application to catch SFTP (which I believe is similar to cp running inside of an SSH tunnel, as it runs on port 22)?  Should I be using the normal SSH app, or is "ssh-tunnel" correct?

The appliance won;t go back through the logs and re-categorise traffic which has already eben passed - that's merely a log entry.

All new traffic which matches your app over-ride will have the over-ride's name instead of the incorrect category.

As far as SFTP goes, I'm pretty sure it's identified by the SSH application ID - yup, just tested it, and it logs as "ssh".

Cheers.

  • 2458 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!