5.2 Unknown Applications


This activity identifies unknown TCP/UDP traffic so that custom application IDs (App-IDs) can be created for it. The existing unknown TCP and UDP port-based rules can then be cloned and converted to application-based rules, which provides visibility into and control of previously unknown applications.

Tasks in this activity include:

  • Identify and isolate the unknown flows in the security policy
  • Perform packet captures on session flows in order to identify unique application data
  • Create custom App-IDs and test them
  • Clone the unknown TCP/UDP rules and create new application rules using the custom App-IDs
  • Remove the old port-based rules
  • Operationalize the client to perform unknown TCP/UDP App-ID and policy creation

 

Deliverables: 

  • Custom App-ID addendum to the As-Built document

 

Consultant Collateral: 

  • Custom App-ID Best Practice document
Version history: Revision 3 of 3, last updated 07-02-2020 11:14 AM