This activity identifies unknown TCP/UDP traffic so that custom application IDs can be created for it. The unknown TCP and UDP port-based rules can then be cloned and adapted into application-based rules, providing visibility into and control of previously unknown applications.
Tasks in this activity include:
Identify and isolate the unknown flows in the security policy
Perform packet captures on session flows to identify unique application data
Create custom App-IDs and test
Clone the unknown TCP/UDP rules and create new application rules using the custom App-IDs
Remove the old port-based rules
Operationalize the client to perform unknown TCP/UDP App-ID and policy creation