How To Guides > Application List > Add Application Objects

Add a new Application

Application objects are used to classify traffic on the network and are made up of layer 7 signatures or TCP/UDP port numbers and port ranges. Application classification can be used to monitor traffic or to create application-specific policy. There are many predefined applications on the appliance. You can add any applications that are not already in the list.

Applications can be created from various combinations of L7 signatures, TCP/UDP port numbers or ranges, and network object. The following are valid combinations.

Applications based on L7 signatures. For example, you can create an application for a particular website by selecting http, host, and entering the domain of the website.
Applications based on L7 signature and TCP/UDP port numbers or ranges, which are OR'd together. For example, you could define HTTP based on TCP port 80 OR 'http' L7 signature.
Applications based on network object and TCP/UDP port numbers or ranges, which are AND'd together. For example, you could define an application based on a particular port number on a particular server (specified by network object).
Applications based on only network object. For example, you could define an application based on a particular application server (specified by network object).
Applications based on only TCP/UDP port number or ranges. For example, you could create an application based on a particular port.

Network objects cannot be used in conjunction with a layer 7 signature.

	Note When creating applications based on ports, any given port number can only be defined once for TCP and once for UDP. The same port number can be defined for TCP and UDP. For example, if you define an application object with a port range TCP 500-510, you cannot then define another application object on TCP port 505. However, you can define another application object with UDP port 505. You can define duplicate ports/port ranges if a network object is also specified.

Note

When creating applications based on ports, any given port number can only be defined once for TCP and once for UDP. The same port number can be defined for TCP and UDP. For example, if you define an application object with a port range TCP 500-510, you cannot then define another application object on TCP port 505. However, you can define another application object with UDP port 505.

You can define duplicate ports/port ranges if a network object is also specified.

Many of the L7 signatures have sub-type classifications, which makes layer 7 visibility much more granular. For instance, for reporting on specific web applications, most vendors can only report on port 80 traffic. Exinda allows a deeper look into Layer 7 applications. For example, by comparison:

Layer 4 reporting tools report on web applications as: port 80 or HTTP
Layer 7 reporting tools report on web applications as: Yahoo or Skype
Exindas Layer 7 with sub-type classification report on web applications as: Yahoo video, Yahoo voice, or Yahoo webchat.

This allows you to monitor on a much more granular level.

To add a new application

In the Add New Application area, type a name for the new application.
Define an application to be based on one of the following:
- L7 signature
- L7 signature + ports or protocols
- Network object + ports or protocols
- Network object
- Ports or protocols
Note that network objects cannot be used in conjunction with a layer 7 signature.
Select the Network Object for the application.

If the network object is internal, then traffic inbound to the LAN with the network object as a destination will be matched to this application, and traffic outbound from the LAN with the network object as the source will be matched to this application.

If the network object is external, then traffic inbound to the LAN with the network object as a source will be matched to this application, and traffic outbound from the LAN with the network object as the destination will be matched to this application.
Select the L7 Signature for the application.

Some layer 7 signatures have additional options that allow you to define application objects based on specific parts of that L7 signature. If a layer 7 signature is selected, specify the parameters for the signature.

For example, to create an application object that matches traffic to and from the Exinda.com website, in the L7 Signature field, select http --->, host, and type exinda.com.
In the Ports/Protocols controls, specify either TCP ports/port ranges, UDP ports/port ranges, or a layer 3 protocol.

Multiple ports and port ranges can be specified at the same time by comma separating values.
Click the Add New Application button.

What L7 signature options are there?

Some Layer 7 signatures have additional options that allow you to define application objects based on specific parts of that L7 Signature. When configuring new application object, the L7 signatures followed by '--->' in the drop-down list have additional options. Most provide options that you simply select from. Some require a selection plus additional information. The following table explains the various options that require more than simply picking an option.

Layer 7 Signature	SubType	Description
citrix	application	Allows you to define an Application Object based on a published Citrix application name.
	priority	Allows you to define an Application Object based on a published Citrix priority. Citrix priorities are 0=High, 1=Medium, 2=Low, 3=Background. The Citrix priority detection will only work if Citrix is running without session-reliability, over TCP port 1494.
	user	Allows you to define an Application Object based on the user running the Citrix published application.
(direct download link)	host	Allows you to define an Application Object based on the 'host' field in the HTTP header.
flash	host	Allows you to define an Application Object based on the 'host' field in the HTTP header (where flash is running over http).
http	content_type	Allows you to define an Application Object based on the 'content-type' field in the HTTP header.
	file	Allows you to define an Application Object based on the filename requested in the HTTP URL.
	host	Allows you to define an Application Object based on the 'host' field in the HTTP header.
	method	Allows you to define an Application Object based on the HTTP method (e.g. GET PUT HEAD DELETE).
	user_agent	Allows you to define an Application Object based on the 'user-agent' field in the HTTP header.
	advanced	Define custom criteria with the following syntax: A string literal is enclosed in quotes ("). Internal quotes can be escaped with the backslash (\") character. A backslash can be included in the string by escaping it with another backslash (\\). Keywords are bare (common_name) with no quotes. Keywords are bare (host) with no quotes. Grouping is supporting using parenthesis Operators supported are or and and and has higher precedence than or The comparison operators that are available are:
			Description	Syntax	Example
			equals	<keyword> = <value>	host = "example.com"
			does not equal	<keyword> != <value>	host != "example.com"
			contains substring	<keyword> =% <value>	host =% "example.com"
			does not contain substring	<keyword> !% <value>	host !% "example.com"
			Right side is a regular expression and it matches the full left side	<keyword> =~ <value>	host =~ "example.*"
			Right side is a regular expression and it does not match the full left side	<keyword> !~ <value>	host !~ "example.*"
		Regular expressions use the perl syntax The keywords for HTTP are: host, file, user_agent, content_type, method, content_len and encoding Examples: (url =% "index" or file =% "login") and host =% "example.org" and content_type.case = "MyContentType" (host =% "facebook.com" and file !% "cgi-bin/abcd") or host =% "facebook2.com"
mpeg	host	Allows you to define an Application Object based on the 'host' field in the HTTP header (where mpeg is running over http).
quicktime	host	Allows you to define an Application Object based on the 'host' field in the HTTP header (where quicktime is running over http).
silverlight	host	Allows you to define an Application Object based on the 'host' field in the HTTP header (where silverlight is running over http).
ssl	common_name	Allows you to define an Application Object based on the 'common name' field in the SSL certificate.
	advanced	Define custom criteria with the following syntax: A string literal is enclosed in quotes ("). Internal quotes can be escaped with the backslash (\") character. A backslash can be included in the string by escaping it with another backslash (\\). Keywords are bare (common_name) with no quotes. Grouping is supporting using parenthesis Operators supported are or and and and has higher precedence than or The keywords for SSL are common_name (`cn`) and organization_name (`o`) The comparison operators that are available are:
			Description	Syntax	Example
			equals	<keyword> = <value>	common_name = "John"
			does not equal	<keyword> != <value>	common_name != "John"
			contains substring	<keyword> =% <value>	common_name =% "John"
			does not contain substring	<keyword> !% <value>	common_name !% "John"
			Right side is a regular expression and it matches the full left side	<keyword> =~ <value>	common_name =~ "John*"
			Right side is a regular expression and it does not match the full left side	<keyword> !~ <value>	common_name !~ "John*"
		Regular expressions use the perl syntax
	organization_name	Allows you to define an Application Object based on the 'organization' name field in the SSL certificate.
	spdy	This field should remain empty as any values typed here are ignored.
rtp	codec	Allows you to define an Application Object based on the 'codec' used in a RTP stream.
windowsmedia	host	Allows you to define an Application Object based on the 'host' field in the HTTP header (where windowsmedia is running over http).