Custom app signature not match

Showing results for 
Search instead for 
Did you mean: 

Custom app signature not match

L2 Linker

Hello everybody,

we have the following problem. We must allow dhcp-requests from outside to our dhcp-server. I will allow only those requests, that's contain a specific ip-address of a dhcp-relay and a specific mac-address of the dhcp-client. I have capture the packet, and so I know the hex-data contains in the packet. I defined a custom app-id with parent-app dhcp, and defined a signature contains the specific hex-data (unknown-request-udp-payload, patterm-match, pattern: .*(\x96cbefc8e8039aa99e71\x) ). Also I defined a destination-port (udp/67).

But that doesn't work. The custom app-id only match, when I defined also a application-override-rule. And it also match, when I changed the signature.:-(

But I will not only override the application. I will use this custom app-id for allowing specific traffic.

What's wrong? Is it possible?

Thanks for any help.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!