Suggestion - is this practical - Admin assigned classifications.

Hi,

I have a couple of devices that use port ranges which are not classified. I have created a rule so that I can disable logging and classification for reporting. The devices have over 800 ports outgoing.

My suggestion is that, when creating a local service, the Admin be able to assign a local name to it so that the reports have some meaning. There is also another issue, and that is being able to group report such a larger range of reports other than unclassified, which is a general usage, not very meaningful classification.

What do you think?

Ian



  • WebAdmin > Hosts and Services > Services > Add a service. You can specify a name and port range.

    If and how that gets used in reports, I don't know.

  • Michael,

    the problem is not the service name but that we cannot assign a service to a specific application classification, for example TCP_XXX to Infrastructure Category.

    This is the point.

  • The problem with doing this would be that any other traffic going over that TCP/XXX port would also be classified to that category. It would create too many false positives.

    The correct thing to do would be custom applications based on stream data or SNI, or HTTP content like in PAN or JunOS. But it will probably never happen on XG.


    If a post solves your question use the 'Verify Answer' button.

    Ryzen 5600U + I226-V (KVM) v21 EAP @ Home

    Sophos ZTNA (KVM) @ Home
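
The false-positive trade-off described in the reply above, as an added example that is not part of the thread or of any Sophos product: a port-range rule and an SNI rule are scored over the same constructed flows. The rule tables, port range, hostnames and category labels are assumptions made for illustration.

```python
# Added illustration, not Sophos code: every rule, port and hostname is constructed.
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass(frozen=True)
class Flow:
    dst_port: int
    sni: Optional[str]  # TLS server name; None when the flow carries none
    actual: str         # ground-truth application category, used only for scoring


# Hypothetical admin rules mapping traffic to a report category.
PORT_RULES = [((20000, 20800), "Infrastructure")]
SNI_RULES = [(".devices.example.net", "Infrastructure")]


def classify_by_port(flow: Flow) -> str:
    for (low, high), category in PORT_RULES:
        if low <= flow.dst_port <= high:
            return category
    return "Unclassified"


def classify_by_sni(flow: Flow) -> str:
    if flow.sni:
        name = flow.sni.lower().rstrip(".")
        for suffix, category in SNI_RULES:
            # Match the domain itself or a true subdomain, not a look-alike prefix.
            if name == suffix.lstrip(".") or name.endswith(suffix):
                return category
    return "Unclassified"


def score(classify: Callable[[Flow], str], flows: List[Flow], category: str):
    """Return (false_positives, false_negatives) for one category."""
    fp = sum(1 for f in flows if classify(f) == category and f.actual != category)
    fn = sum(1 for f in flows if classify(f) != category and f.actual == category)
    return fp, fn


FLOWS = [  # constructed sample flows
    Flow(20010, "cam1.devices.example.net", "Infrastructure"),
    Flow(20500, "nvr.devices.example.net", "Infrastructure"),
    Flow(20700, None, "Infrastructure"),                      # device flow without SNI
    Flow(20443, "files.other.example.org", "File Transfer"),  # unrelated app, same range
    Flow(20100, None, "P2P"),                                 # unrelated app, same range
    Flow(443, "www.example.com", "Web"),
]

if __name__ == "__main__":
    for fn in (classify_by_port, classify_by_sni):
        print(fn.__name__, score(fn, FLOWS, "Infrastructure"))
```

On this sample the port rule sweeps two unrelated flows into the category, while the SNI rule has no false positives but misses the one device flow that carries no server name.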

  • You are talking about science fiction for the moment!

    For XG we still need to find a good way to have reporting/logging and certain features working completely.

    Very frustrated how the competition is far away. XG is far away for the Synchronized security but other vendors are moving in the same direction.

  • Hi Prism,

    some time ago, I asked for that feature as well, but again it fell on deaf ears.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 EAP

    If a post solves your question please use the 'Verify Answer' button.