Application Rule Conditions
When the system analyzes IP traffic, it can identify and classify the commonly used applications on your network. This discovery-based application awareness is the basis for application control—the ability to control application traffic.
System-provided application filters help you perform application control by organizing applications according to basic characteristics: type, risk, business relevance, category, and tags. You can create reuseable user-defined filters based on combinations of the system-provided filters, or on custom combinations of applications.
At least one detector must be enabled for each application rule condition in the policy. If no detector is enabled for an application, the system automatically enables all system-provided detectors for the application; if none exist, the system enables the most recently modified user-defined detector for the application. For more information about application detectors, see Application Detector Fundamentals.
You can use both application filters and individually specified applications to ensure complete coverage. However, understand the following note before you order your access control rules.
Benefits of Application Filters
Application filters help you quickly configure application control. For example, you can easily use system-provided filters to create an access control rule that identifies and blocks all high risk, low business relevance applications. If a user attempts to use one of those applications, the system blocks the session.
Using application filters simplifies policy creation and administration. It assures you that the system controls application traffic as expected. Because Cisco frequently updates and adds application detectors via system and vulnerability database (VDB) updates, you can ensure that the system uses up-to-date detectors to monitor application traffic. You can also create your own detectors and assign characteristics to the applications they detect, automatically adding them to existing filters.
Application Characteristics
The system characterizes each application that it detects using the criteria described in the following table. Use these characteristics as application filters.
Characteristic |
Description |
Example |
---|---|---|
Type |
Application protocols represent communications between hosts. Clients represent software running on a host. Web applications represent the content or requested URL for HTTP traffic. |
HTTP and SSH are application protocols. Web browsers and email clients are clients. MPEG video and Facebook are web applications. |
Risk |
The likelihood that the application is being used for purposes that might be against your organization’s security policy. |
Peer-to-peer applications tend to have a very high risk. |
Business Relevance |
The likelihood that the application is being used within the context of your organization’s business operations, as opposed to recreationally. |
Gaming applications tend to have a very low business relevance. |
Category |
A general classification for the application that describes its most essential function. Each application belongs to at least one category. |
Facebook is in the social networking category. |
Tag |
Additional information about the application. Applications can have any number of tags, including none. |
Video streaming web applications often are tagged high bandwidth and displays ads. |