Override Application Visibility Settings

About this task

Deep packet inspection (DPI) is an advanced packet analysis technique, which analyzes packet and packet content headers to determine the nature of network traffic. When DPI is enabled, packets of all flows are subjected to DPI to get accurate results. DPI identifies applications (such as, Netflix, Twitter, Facebook, etc.) and extracts metadata (such as, host name, server name, TCP-RTT, etc.) for further use by the WiNG firewall.

Legacy WiNG APs and service platforms, running WiNG 7.2.1 OS, use a third-party DPI engine to enforce Application Visibility and Control (AVC) within the managed network. Whereas, 802.11ax AP5xx model APs, use Purview™ libDPI engine. Use this screen to set AVC settings for AP profiles.

Note

Application Visibility is supported on legacy WiNG, 802.11ac APs, running WiNG 7.2.1 OS. These APs are: AP7522, AP7532, AP7562, AP8612, AP8632, AP7662, AP8432, AP8533.

Note

Purview Application Visibility is supported on 802.11ax APs, running WiNG 7.2.1 OS. These APs are AP505i, AP510i/e, AP560i/h. For information on Purview Application Policy and Group, refer to the WiNG 7.2.1 CLI reference guide.

To override a profile‘s application visibility settings at the device level:

Procedure

Select Configuration → Devices from the web UI.
The Device Configuration screen displays in the right-hand side of the UI. This screen lists all devices within the managed network (peer controllers, service platforms and access points).
Select a target device in the lower left-hand side of the UI.
You can also select a target device by double-clicking it in the Device Configuration screen.

The selected device's configuration menu displays in the right-hand UI.
Select Profile Overrides → Security → Application Visibility (AVC).

Note
A blue override icon (to the left of a parameter) defines the parameter as having an override applied. To remove an override go to the Basic Configuration section of the device and click Clear Overrides. This removes all overrides from the device.

The Application Visibility and Control Settings window displays.

Refer the following Application Visibility and Control settings:


Enable dpi	Enable this setting to provide deep-packet inspection. When enabled, network flows are inspected at a granular level to identify applications (such as, Netflix, Twitter, Facebook, etc.) and extract metadata (such as, host name, server name, TCP-RTT, etc.) for further use by the WiNG firewall.
Enable Applications Logging	Select this option to enable event logging for DPI application recognition. This setting is disabled by default.
Applications Logging Level	If enabling DPI application recognition event logging, set the logging level. Severity levels include Emergency, Alert, Critical, Errors, Warning, Notice, Info, and Debug. The default logging level is Notification.
Enable Voice/Video Metadata	Select this option to enable the metadata extraction from voice and video classified flows. The default setting is disabled.
Enable HTTP Metadata	Select this option to enable extraction of metadata from HTTP application data flows. The default setting is disabled.
Enable SSL Metadata	Select this option to enable extraction of metadata from SSL application data flows. The default setting is disabled.
Enable TCP RTT	Select this option to enable extraction of RTT information from TCP flows. The default setting is disabled.

Review the Custom Applications for DPI field to select the custom applications available for this device profile.
For information on creating custom applications and their categories, see Create a Custom Application Definition.
To enable TCP-RTT metadata collection on legacy WiNG AP and service platforms use the App Groups for TCP RTT field to specify the application groups for which TCP-RTT metadata collection is to be enabled.
Select the Application Groups from the drop-down menu and use the green, down arrow to move the selection to the box below. You can add a maximum of eight groups to the list.
If the desired application group is not available, select Create to define a new application group. For information on creating Application groups, see Create a Custom Application Definition.
Click OK to save the changes or overrides.
Click Reset to revert to the last saved configuration.