Overview of Applications and Application Groups
This section provides the definition and objective of an application.
The traditional FW identifies applications by protocol and port, and cannot distinguish applications using the same protocol and port. After analyzing the data packets and comparing the signatures of each application, the FW identifies various common applications with finer granularity than the traditional FW. For example, web games and videos both use HTTP and port 8080 for data transmission. Traditional FWs cannot distinguish web games from web videos by port and protocol. However, the FW can identify them based on their features.
The FW depends on unique signatures to identify applications. The FW supports the following types of applications:
-
Identifying various common applications using the service awareness signature database
Huawei develops an service awareness signature database after analyzing diversified applications. The service awareness signature database defines the features of applications for application identification. The FW can identify applications defined in the loaded service awareness signature database. These applications are displayed on the FW as predefined applications. Predefined applications cannot be modified or deleted. You can obtain the latest predefined applications by updating the service awareness signature database periodically.
Identifying specified applications based on user-defined application rules
You can define new applications based on the feature of the applications.
The FW identifies each application by attribute and rule:
The FW uses four attributes (category/subcategory, flag, data transmission model, and risk level) to describe an application. Attributes can be used to filter out or understand an application. For details about these attributes, see Mechanism.
- The FW uses rules to identify applications. Packets matching a rule belong to the application corresponding to the rule.
You can regularly update the service awareness signature database to obtain the latest predefined applications.
The FW supports the combination of applications with the same management and control requirements. A set of applications is called an application group. The FW allows you to add predefined and user-defined applications to one application group.