Configuring a Predefined Application

This section describes how to configure the application identification mode, predefined applications, port mapping, and SA parameters.

Context

Multiple well-known applications are predefined on the FW. You can query the details of an application to reference it correctly in policies. For details, see Mechanism.

Predefined applications support port mapping. If a user uses an ephemeral port for a well-known service, enable the port mapping function so that the FW can identify the well-known service and accurately process the service data.

Procedure

  • Configure the application identification mode.

    In the system view, set the application identification mode to full identification.

    sa force-detection enable

    Or, in the system view, set the application identification mode to smart identification.

    undo sa force-detection enable

    • Smart identification: in this mode, the FW identifies the applications of matching traffic only when an application identification policy or a content security detection function is configured.
    • Full identification: in this mode, the FW identifies the applications of all traffic, which degrades performance.

  • Query the details on a predefined application.

    display application [ pre-defined | name name ]

  • Configure port mapping.

    In the system view, configure port mapping.

    port-mapping application-name port port-number acl acl-number

  • Set SA parameters.
    1. Access the SA view from the system view.

      sa

    2. Set SA parameters.

      Each item is followed by its command:

      • Enable application identification acceleration.

        sa cache [ risk-level { low | high } ] enable

      • Set the aging time of the predefined application identification correlation table.

        application name name cache type { acceleration aging-time aging-time | multi-channel aging-time aging-time }

      • Set the threshold of packet quantity for the SA module to enable port identification.

        port-identification packet-number-threshold packets

      • Set the maximum number of bytes of sessions that can be detected by the SA module.

        detect max-bytes max-bytes

      • Set the maximum number of packets of sessions that can be detected by the SA module.

        detect max-packets max-packets

      • Set the maximum duration in which the SA module detects sessions.

        detect max-time max-time

      • Enable unidirectional detection for the SA module.

        detect uni-direction
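
The following Python check is an added example, not part of the original page or of any vendor tooling. It reads a saved configuration, reports the application identification mode, and flags any port-mapping entry whose port is out of range or whose ACL is not defined in the same file. The sample configuration, the application names in it, and the "acl <number>" definition syntax are assumptions constructed for illustration.

```python
import re

# Constructed sample of a saved configuration (not taken from a real device).
SAMPLE_CONFIG = """\
sa force-detection enable
acl 2000
 rule permit source 10.1.1.2 0
port-mapping FTP port 2121 acl 2000
port-mapping HTTP port 8080 acl 2001
port-mapping DNS port 70000 acl 2000
"""

# Syntax from the page: port-mapping application-name port port-number acl acl-number
PORT_MAPPING = re.compile(r"^port-mapping\s+(\S+)\s+port\s+(\d+)\s+acl\s+(\d+)$")
# Assumed form of an ACL definition line in the saved configuration.
ACL_DEF = re.compile(r"^acl\s+(?:number\s+)?(\d+)\b")


def audit(config_text):
    """Return (identification_mode, mappings, findings) for a config dump."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    # Exact match, so "undo sa force-detection enable" does not count as enabled.
    mode = "full" if "sa force-detection enable" in lines else "smart"
    defined_acls = {m.group(1) for ln in lines if (m := ACL_DEF.match(ln))}
    mappings, findings = [], []
    for ln in lines:
        m = PORT_MAPPING.match(ln)
        if not m:
            continue
        app, port, acl = m.group(1), int(m.group(2)), m.group(3)
        mappings.append((app, port, acl))
        if not 1 <= port <= 65535:
            findings.append(f"{app}: port {port} is outside 1-65535")
        if acl not in defined_acls:
            findings.append(f"{app}: acl {acl} is not defined in this config")
    if mode == "full":
        # The page notes that full identification costs performance.
        findings.append("full identification is enabled for all traffic")
    return mode, mappings, findings


if __name__ == "__main__":
    mode, mappings, findings = audit(SAMPLE_CONFIG)
    print("identification mode:", mode)
    for finding in findings:
        print("finding:", finding)
```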