Create Application Filtering Intelligence for Physical Environment
GigaVUE‑FM allows you to create Application Filtering Intelligence by selecting the applications available from the Total Applications displayed on the Application Intelligence (AFI) dashboard. To create Application Filtering Intelligence, follow these steps:
|
1.
|
On the left navigation pane, go to Traffic  > Solutions>App Intelligence. |
Note: If you are creating Application Filtering Intelligence immediately after creating Application Monitoring, then you can proceed from Step 2.
|
2.
|
Select the required application from the Total Applications in the right pane of the Application Intelligence dashboard. You can also select multiple applications for creating the Application Filtering Intelligence. |
|
3.
|
Click Operations, and select App Filtering from the drop-down list. |
You can view the list of applications selected in the Selected Applications section.
|
4.
|
Select either the Pass or Drop check box for an application to allow it to either pass through or get dropped off in the tool port present in the DestinationTrafficPriority. You can also perform a search operation to filter the required application from the list of applications. |
|
5.
|
Use the Destination Traffic Priority section, to either choose the available tool port or add a new port for creating a traffic priority. In the Select ports... field, select the tool ports for sending the filtered applications traffic to the external tool. If you are unable to view the required port in the Port field, perform these steps: |
|
o
|
Click Port Editor.Select the Type as Tool from the drop-down list for the required Port Id. Select OK. |
The selected Port appears in the list.
|
6.
|
In the Priority section, you can perform the following actions: |
|
o
|
Enable the Pass All check box to pass all the applications when there are no matching rules. |
|
o
|
Click Advanced Rules > Add a rule to add new rules to perform advanced filtering on the application. For more details on adding a rule, refer to Adding Rules section. |
Note: To view the statistics of packets that are sent due to no rule match pass, view the Map Rule Counters. Refer Review Map Statistics with Map Rule Counters
|
7.
|
In the Destination Traffic Priority section, click +Add New to create additional Destination Traffic Priority (second level maps). In Application Filtering Intelligence, you can create a maximum of five Destination Traffic Priorities. |
Note: You can click and drag the icon 
to reorder the map priority when there are multiple priorities.
|
8.
|
Click Filter to buttonfor the corresponding Priority in a Destination Traffic Priority sectionfor passing and dropping the applications to the required tool ports. |
Note: You cannot filter the traffic using applications when you select pattern match in the rules configuration.
In the Application Filtering Intelligence Settings, you can edit the following options while creating the Application Filtering Intelligence:
|
Field
|
Mandatory
|
Default
|
Notes
|
|
Bidirectional
|
No
|
Enabled
|
Configures the type
of traffic to be processed. It’s recommended to process traffic inclusive of both the directions.
|
|
Timeout
|
Yes
|
15s
|
Range: 10-120s
Configures the
timeout interval for flushing the flows that remain silent.
|
|
Buffer
|
No
|
20
|
Range: 3-20
The DPI engine
identifies applications based on the first few packets. This setting allows
AFI to buffer the packets before applying the filtering rules.
Decreasing the
buffer size can result in premature packet drops. It’s not recommended to
change the setting. Please seek an expert’s advice from Gigamon if you want
to change it.
|
|
Protocol
|
Yes
|
TCP-UDP
|
Options: TCP only,
UDP only, TCP-UDP, TCP UDP and SCTP, SCTP only.
Application Intelligence maintains
sessions based on the 5tuples. This option determines the protocol type for
maintaining the sessions. The traffic that does not match the protocol type will be dropped. You can configure first-level shared collector map to monitor the traffic as needed.
|
|
Packet Count .
|
No
|
Disabled
|
Range: 20-100 Configures the no. of packets to be passed per flow. This option can help to monitor the first few packets as in, for example, TLS handshake.
|
|
Session Fields
|
Yes
|
5tuple
|
Configures the protocol fields to be used for uniquely identifying flows. By default, inner header fields (Source and Destination IP address, Source and Destination Port Numbers, and Protocol) are used for identifying flows.
(Optional) VLAN can be included along with the 5tuples.
|
You can view the Application Filtering IntelligenceStatistics from the Application Intelligence Dashboard page.
Adding Rules
You can use Advanced Rules option to add more rules in Application Filtering. To add rules, do the following:
|
1.
|
Go to Priority>Advanced Rules >Add a Rule |
|
2.
|
Click the field Select Options in Rule 1. and select any of the following options: |
|
■
|
Pattern Match — You can select the pattern type as either as follows and provide the respective values. |
|
•
|
Regex- For example, you can use it if you want to filter HTTP sessions that include JSON and API traffic. |
|
■
|
VN-Tag Destination VIF ID |
|
3.
|
Click Pass or Drop check box to allow it to either pass through or get dropped off in the tool port present in the DestinationTrafficPriority. |
Application Filtering Intelligence can also be configured for virtual environment, refer to Application Filtering Intelligence for more detailed information.
