Configure Application Filtering Intelligence for Virtual Environment

Application Filtering Intelligence (AFI) can be configured in the Monitoring Session Canvas. To add the Application Filtering application to the canvas, follow these steps:

  1. Drag and drop New Map from New to the graphical workspace.
  2. Click the application and select Details. The Application quick view appears.
  3. Enable Application Filtering in the GENERAL tab.
  4. In the Application quick view, enter or select the following details in the GENERAL tab:

    | Parameter | Description |
    |---|---|
    | Name | Enter a name for the application. |
    | Description | Enter the description. |

    Application Filtering Settings

    | Parameter | Description |
    |---|---|
    | Bidirectional | Enable or disable Bi-Directional Flow behavior. Bi-Directional is enabled by default. Disable this option for Uni-Directional Flow behavior. |
    | Timeout | Specify the traffic flow inactivity timeout, in seconds. The session is removed due to inactivity when no packets match. |
    | Buffer | This option is enabled by default. |
    | Buffer Count Before | Number of packets that should be buffered until the flow is identified. If the flow is not identified even after reaching the maximum number of packets buffered, all subsequent packets of this session are dropped. |
    | Protocol | Select the Protocol. Packets matching the selected protocol are filtered. The default value is TCP-UDP. |
    | Packet Count | Enable or disable Packet Count. Packet Count is disabled by default. |
    | Number of packets | Note: This field appears only when the Packet Count field is enabled. Specifies the number of packets to forward to the tool port for each session match. After the packet count is reached, subsequent packets for the session are dropped. The packet count includes the packet that triggered the creation of the session. The default is disabled, which means that all packets are forwarded to the tool port. The range is from 2 to 100. |

    Session Fields

    | Parameter | Description |
    |---|---|
    | Session Field | The Packet fields to be considered for creating the Session / traffic flow (Session key fields). |
    | Action | Add or Remove 'VlanId' Packet field for creating the session / traffic flow. |

    Advanced Settings

    | Parameter | Description |
    |---|---|
    | Number of Flows | The number of flows supported by the application. Refer to the table below for the maximum number of flows supported for VMware, AWS, and Azure platforms. |
    | Fast Mode | Enable the Fast Mode option to improve performance (fewer CPU cycles and lower memory utilization). When Fast Mode is enabled, some or all of the attributes of the applications are disabled. You can view the list of attributes/applications available in Fast Mode by navigating to the app editor under the AMI feature in the FM. If all the attributes of an application are disabled, the application itself is disabled. Refer to the Fast Mode section for more information on the benefits and limitations of Fast Mode. |

    | Cloud Platform | Instance Size | Maximum Number of Flows |
    |---|---|---|
    | VMware | Large (8 vCPU and 16 GB RAM) | 200k |
    | AWS | Large (c5n.2xlarge) | 300k |
    | AWS | Medium (t3a.xlarge) | 100k |
    | Azure | Large (Standard_D8s_V4) | 500k |
    | Azure | Medium (Standard_D4s_v4) | 100k |
    | Nutanix | Large (8 vCPU and 16 GB RAM) | 200k |

    Note:  Medium Form Factor is supported for VMware ESXi only when the secure tunnels option is disabled. The maximum Number of Flows for VMware ESXi when using a medium Form Factor is 50k.

  5. Click the RULESETS tab. Through the map, packets can be dropped or passed based on rule priority, from highest to lowest. You can add 5 rule sets on a map. Each rule set can have a maximum of 25 rules, and each rule can have a maximum of 4 conditions.

    Enter the following details for each of the Rule Set created:

    | Parameter | Description |
    |---|---|
    | Priority | A priority determines the order in which the rules are executed. The priority value can range from 1 to 5, with 1 being the highest and 5 the lowest priority. |
    | AE ID | The Application Endpoint ID is used as the source or destination object for creating or connecting links. |
    | Actions | Using this option, you can perform the following functions. New Ruleset: use to add a new Rule Set (Note: A maximum of 5 Rule Sets can be created). New Rule: use to add a new Rule (Note: A maximum of 25 Rules can be created per rule set). Delete this Ruleset: use to delete the Ruleset. |

    RULES

    | Parameter | Description |
    |---|---|
    | Rule | Use the toggle button to Pass or Drop the traffic through the map. |
    | Condition | Select any one of the conditions from the drop-down menu and search or select the attributes. Use the + and - buttons to add or remove a condition with a Rule. Click and select Add Condition to add more conditions. Note: A maximum of 4 conditions can be created per Rule. |

    APPLICATION FILTERING

    Select the applications and their attributes for traffic filtering by layer seven applications. You can select a maximum of 64 attributes for each application.

    Add Application

    Click the Add Application button. The Add Application dialog box opens.

    Select a Type. The available options are:

    • Application Family: Each application is mapped to only one Application Family.
      ■  Select an Application Family and the Applications that need to be filtered from the traffic.
      ■  In the Traffic Action column, select Pass or Drop to pass or drop the traffic. You can also use Pass All or Drop All to allow or drop the traffic for all the applications.
    • Application Tag: Each application can be mapped to one or more Application Tags.
      ■  Select an Application Tag and the Applications that need to be filtered from the traffic.
      ■  In the Traffic Action column, select Pass or Drop to pass or drop the traffic. You can also use Pass All or Drop All to allow or drop the traffic for all the applications.

    User Defined Applications: To configure User Defined Applications for AFI, follow the steps given below.

    a. Enable the User Defined Applications toggle button in the Options page. Refer to the User Defined Application topic for more detailed information on what user defined applications are and how to configure them.
    b. In the Add Application dialog box, select User Defined Applications from the Application Family list.
  6. To pass or drop any remaining traffic in the network, enter the priority and AE ID in the default rule set available. Select the Pass or Drop option for the Any Remaining Traffic field.
  7. Click the THRESHOLDS tab. For more details on how to create and apply a threshold template, refer to Traffic Health Monitoring.
  8. To reuse the configuration, click Add to Library. Save the application filtering configurations using one of the following ways:
    1. Select an existing group from the Select Group list or create a New Group with a name.
    2. Enter a description in the Description field, and click Save.
    3. The saved map can be found in the Map Library in the Edit Monitoring Session Canvas Page.
  9. Click Save.

To edit a map, select the map and click Details, or click Delete to delete the map.

When using the Application Filtering application, you can either use a single tunnel to carry all the filtered traffic from the application, or use a separate tunnel for each rule configured.
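
The limits stated in the steps above (maximum flows per platform and instance size, the 2 to 100 packet-count range, 5 rule sets, 25 rules per rule set, 4 conditions per rule, 64 attributes per application) can be checked against a planned map before it is built in the canvas. The following Python check is an added example, not vendor code or a product API; the plan dictionary layout, `check_afi_plan` and the sample values are hypothetical.

```python
MAX_FLOWS = {  # (platform, instance size) -> maximum flows, from the table above
    ("VMware", "Large"): 200_000, ("Nutanix", "Large"): 200_000,
    ("AWS", "Large"): 300_000, ("AWS", "Medium"): 100_000,
    ("Azure", "Large"): 500_000, ("Azure", "Medium"): 100_000,
}

def check_afi_plan(plan):
    """Return a list of limit violations; an empty list means the plan fits."""
    problems = []
    key = (plan["platform"], plan["size"])
    if key == ("VMware", "Medium"):
        # Medium on VMware ESXi: 50k flows, and only with secure tunnels disabled.
        limit = None if plan.get("secure_tunnels") else 50_000
    else:
        limit = MAX_FLOWS.get(key)
    if limit is None:
        problems.append(f"{key}: no flow maximum listed for this combination")
    elif plan["flows"] > limit:
        problems.append(f"flows {plan['flows']} exceed maximum {limit}")
    count = plan.get("packet_count")  # None means Packet Count is disabled
    if count is not None and not 2 <= count <= 100:
        problems.append(f"packet count {count} is outside 2-100")
    if len(plan["rulesets"]) > 5:
        problems.append(f"{len(plan['rulesets'])} rule sets, maximum is 5")
    for rs in plan["rulesets"]:
        where = f"rule set with priority {rs['priority']}"
        if not 1 <= rs["priority"] <= 5:
            problems.append(f"{where}: priority is outside 1-5")
        if len(rs["rules"]) > 25:
            problems.append(f"{where}: {len(rs['rules'])} rules, maximum is 25")
        for n, conditions in enumerate(rs["rules"], 1):
            if len(conditions) > 4:
                problems.append(f"{where}, rule {n}: more than 4 conditions")
    for app, attrs in plan.get("applications", {}).items():
        if len(attrs) > 64:
            problems.append(f"{app}: {len(attrs)} attributes, maximum is 64")
    return problems

# Constructed sample plan (placeholder names): too many flows for the
# instance size, and one rule carrying 5 conditions.
SAMPLE_PLAN = {
    "platform": "AWS", "size": "Medium", "flows": 150_000, "packet_count": 10,
    "rulesets": [
        {"priority": 1, "rules": [["c1", "c2", "c3", "c4", "c5"]]},
        {"priority": 2, "rules": [["c1"]]},
    ],
    "applications": {"example-app": ["attr1", "attr2"]},
}

if __name__ == "__main__":
    print("\n".join(check_afi_plan(SAMPLE_PLAN)))
```
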