Configuring APR; Overview; PBAR; Group-Based Application Recognition - HP VSR1000 Security Configuration Manual

Virtual services router

Configuring APR

Overview

The application recognition (APR) feature enables QoS and ASPF to recognize application protocols of
packets sent on ports that are not well known. APR separately counts the number of packets or bytes that
an interface has received or sent based on application protocols. It also calculates the transmission rates
of the interface at the same time.

APR uses the following methods to recognize an application protocol:

- Port-based application recognition (PBAR).
- Group-based application recognition.

PBAR

PBAR maps a port to an application protocol and works with other features to recognize packets of the
application protocol according to the port-protocol mapping.

The ports include the following types:

- Pre-defined—Ports to which the application protocols are mapped by default.
- User-defined—Ports to which the application protocols are manually mapped.

PBAR offers the following mappings to maintain and apply user-defined port configuration:

- General port mapping—Mapping of a user-defined port to an application protocol. Such a
  mapping applies to all packets. For example, if port 2121 is mapped to FTP, all packets destined for
  that port are regarded as FTP packets.
- Host-port mapping—Mapping of a user-defined port to an application protocol for packets to or
  from some specific hosts. For example, you can establish a host-port mapping so that all packets
  destined for the network segment 10.110.0.0/16 on port 2121 are regarded as FTP packets. To
  define the range of the hosts, you can specify the ACL, the host IP address range, or the subnet.
  Host-port mapping can be further divided into the following categories:
  - ACL-based host-port mapping—Mapping of a port to an application protocol for the packets
    matching against the specified ACL.
  - Subnet-based host-port mapping—Mapping of a port to an application protocol for the
    packets sent to the specified subnet.
  - IP address-based host-port mapping—Mapping of a port to an application protocol for the
    packets destined for the specified IP addresses.
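
The following Python model is an added illustration, not code from the HP manual or the device. It shows how general, subnet-based and IP address-based mappings change what a port-based recognizer reports for the same port. The `Mapping` class, the `recognize` function, the lookup order (host-port mappings before general mappings, then pre-defined ports) and the sample addresses other than 10.110.0.0/16 are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed subset of pre-defined (default) port mappings.
PREDEFINED = {21: "ftp", 80: "http"}

@dataclass
class Mapping:
    """User-defined mapping; hypothetical model, not a device data structure."""
    port: int
    app: str
    subnet: Optional[str] = None                # subnet-based host-port mapping
    ip_range: Optional[Tuple[str, str]] = None  # IP address-based (start, end)

    def is_host_mapping(self) -> bool:
        return self.subnet is not None or self.ip_range is not None

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        if dst_port != self.port:
            return False
        ip = ipaddress.ip_address(dst_ip)
        if self.subnet is not None:
            return ip in ipaddress.ip_network(self.subnet)
        if self.ip_range is not None:
            lo, hi = (ipaddress.ip_address(a) for a in self.ip_range)
            return lo <= ip <= hi
        return True  # general port mapping: applies to all packets

def recognize(mappings, dst_ip, dst_port):
    """Return the application a packet is regarded as, or None if unrecognized."""
    # Assumption: host-port mappings are consulted before general mappings,
    # and pre-defined ports are the fallback. The page does not state an order.
    ordered = sorted(mappings, key=lambda m: not m.is_host_mapping())
    for m in ordered:
        if m.matches(dst_ip, dst_port):
            return m.app
    return PREDEFINED.get(dst_port)

# Constructed configurations based on the page's port 2121 / FTP examples.
HOST_ONLY = [Mapping(2121, "ftp", subnet="10.110.0.0/16")]
GENERAL = [Mapping(2121, "ftp")]
RANGE = [Mapping(8080, "http", ip_range=("10.1.1.1", "10.1.1.9"))]
```

The decision depends only on destination address and port, so a general mapping labels any traffic on port 2121 as FTP, while a host-port mapping limits that label to the hosts you scope it to.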

Group-based application recognition

The group-based application recognition method adds an application protocol to an application group
and records its unique properties (for example, the mapped port). APR works with other features to
recognize packets of an application protocol by matching the unique properties of the application
protocol.