Chapter 32 Application Patrol
UAG Series User’s Guide
applications. Usually, this occurs at the beginning of a connection, when the payload is more
consistent across connections, and the UAG examines several packets to make sure the match is
correct. Before confirmation, packets are forwarded by App Patrol with no action taken. The number
of packets inspected before confirmation varies by signature.
Note: The UAG allows the first eight packets to go through the security policy, regardless
of the application patrol policy for the application. The UAG examines these first
eight packets to identify the application.
The second approach is called service ports. The UAG uses only OSI level-4 information, such as
ports, to identify what application is using the connection. This approach is available in case the
UAG identifies a lot of “false positives” for a particular application.
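The two identification approaches described above can be compared in a small model. This is an added example, not UAG or Zyxel code: the SIP pattern, the `actions` policy table, the function names and the sample flows are assumptions made for the sketch.

```python
import re

INSPECT_WINDOW = 8  # per the guide's note: the first eight packets always pass

# Assumed signature for this sketch (not a Zyxel signature): a SIP request
# line or status line at the start of the payload.
SIP_SIG = re.compile(
    rb"^(?:(?:INVITE|REGISTER|OPTIONS|BYE|ACK|CANCEL) sip:\S+ SIP/2\.0|SIP/2\.0 \d{3} )"
)


def identify_by_signature(payloads):
    """Signature approach: inspect payloads inside the eight-packet window."""
    for payload in payloads[:INSPECT_WINDOW]:
        if SIP_SIG.match(payload):
            return "sip"
    return None


def identify_by_port(dst_port, service_ports):
    """Service-ports approach: layer-4 information only."""
    return "sip" if dst_port in service_ports else None


def verdicts(payloads, actions):
    """Per-packet result for one flow under signature identification.

    actions maps an application name to 'forward' or 'drop' (hypothetical
    policy table). Packets inside the window are forwarded whatever the
    policy says; later packets get the identified application's action.
    """
    app = identify_by_signature(payloads)
    action = actions.get(app, "forward")
    return ["forward" if i < INSPECT_WINDOW else action
            for i in range(len(payloads))]


# Constructed sample flows (not captured traffic).
SIP_FLOW = [b"INVITE sip:bob@example.test SIP/2.0\r\n"] + [b"\x80\x00rtp"] * 11
WEB_FLOW = [b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"] * 3

if __name__ == "__main__":
    print(verdicts(SIP_FLOW, {"sip": "drop"}))       # 8 forwarded, then dropped
    print(identify_by_port(5070, {5060}))            # custom port not listed
    print(identify_by_port(5070, {5060, 5070}))      # found once the port is added
    print(identify_by_port(5060, {5060}), identify_by_signature(WEB_FLOW))
```

When reviewing logs for an application set to drop, expect the first eight packets of each flow to appear as forwarded. The last line shows the two approaches disagreeing on non-SIP traffic sent to port 5060.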
Custom Ports for SIP and the SIP ALG
Configuring application patrol to use custom port numbers for SIP traffic also configures the SIP
ALG to use the same port numbers for SIP traffic. Likewise, configuring the SIP ALG to use custom
port numbers for SIP traffic also configures application patrol to use the same port numbers for SIP
traffic.
Finding Out More
• You must configure services in Objects > Application.
• See the Configuration > BWM chapter for detailed information on bandwidth management.
32.2 Application Patrol Profile
Use the application patrol Profile screens to customize action and log settings for a group of application patrol signatures. You then link a profile to a security policy (see
Note: You must register for the AppPatrol signature service (at least the trial) before you
can use it.
A profile consists of one or more application objects or application groups that have customized action and log settings.
Click Configuration > UTM Profile > App Patrol > Profile to open the following screen.