Adding and updating application group objects
To properly classify applications on your network it is important to understanding what is happening and for controlling or protecting a particular type of traffic.
The Exinda Appliance comes with a long list of predefined applications used to classify your network traffic. If, however, you want to create your own application, you can create new applications based on L7layer 7, the application layer of the OSI signatures, TCPTransmission Control Protocol/UDPUser Datagram Protocol port numbers and port ranges, or network objects.
You may also want to monitor, control, or protect your traffic by grouping a set of applications. For instance, controlling social networking applications as a group in most cases provides adequate granularity. The Exinda Appliance comes with a default set of application groups. You can add new applications to these groups, or create new groups, or delete existing groups.
There are several predefined application groups, such as Mail, P2P, Voice, etc. You can edit existing application groups or create new ones.
NOTE
A given application can exist in multiple application groups. However, monitored groups must not contain applications which are already a member of another group being monitored. Any given application can only be monitored within a single application group.
Adding application group objects in the Exinda Web UI
To add a new application group
- Go to Configuration > Objects > Applications > Application Groups.
- In the Add New Application Group area type a name for the new group.
- Select the applications that belong in the new group. By default, there are four drop-downs available to add Application Objects. If you need to add more, save the application group objectLogically groups applications, then select the Edit button next to the newly created application group. You will be presented with four additional drop-downs to add more applications.
- If you want this application group to be monitored in the Application Group report, select the Monitoring checkbox.
- Click Add New Application Group.
To update an application group
- Go to Configuration > Objects > Applications > Application Groups.
- Locate the group from which to add or delete applications and click Edit.
- Select a new application from a blank drop-down list. Or to remove an application, open the drop-down list with the application to remove and select the blank row at the top.
- Click Apply Changes.
What application groups are predefined?
For more information refer to Predefined Application Groups.
Adding application groups in the EMC
The Exinda Management Center provides a comprehensive set of built-in Application Groups for you to use, but you can also define Custom Application Groups.
Although an application can be a member of multiple application groups, to prevent conflict it can only be a member of the application group that is currently monitoring traffic. For example, Skype cannot be added to both the Voice group and the Messaging group because EMCExinda Management Center, SaaS service to centrally monitor and configure multiple Exinda appliances can gather data from only one monitored application group for reporting.
When an Application Group is created in the librarythe Exinda repository for network objects and their definitions, it is applied tenant-wide and is therefore available in every appliance group within an Appliance Group section. If an application group is set for monitoring and/or being used in the optimizer tree, then this application group is pushed to the respective appliances within the push configuration.
If a custom application is added to an application group, where the group does not exist in the configuration of the appliances, the application is first added to the appliances and then the group is imported.
In addition, the following limitations should be noted:
- If one application within a group is not supported by an appliance, then that application definition will not be sent to that specific appliance.
- If you try to add an application to an appliance with a firmware version does not support the application, the EMC displays an error for the appliance and the application is not imported. However, the appliance does import the application group along with other settings.
Where do I find Application Groups?
Application Group library items can be found in Library > Application Group. A lock icon in the Monitoring column indicates that an Application Group is in use and cannot, therefore, be deleted.
To use an Application Group in a policy rule definition
When creating a policy rule, you can use an Application Group to filter traffic to or from the applications within the group. The Application Groups appear in the Application list within the Filter section. Refer to For more information refer to Policies. for details.
How do I configure built-in Application Groups?
You can modify application groups either within the configured appliances or from the library.
- Click the desired application group name to edit.
- You can configure monitoring status and add or remove applications within this group.
- You could also view which policies are currently using this application group under In Use.
How do I create an custom application group?
- Go to Library > Application Groups and click Create new application group in the library…
- Provide a name, configure monitoring, if you want this group to be monitored, and add the applications to be part of this group.
How do I know which application groups are enabled for monitoring?
By default, all the built-in application groups are enabled for monitoring. On the main Application Groups page, you can view the specific groups that are set for monitoring.
You can always change the monitoring configuration by clicking on the application group name and changing it.