Using Applications

This topic describes how to classify network traffic using application definitions and groups. It includes these sections:

Applications are networked services that run in the internal network or on the internet. Application definitions are a way to attach a business relevancy to all traffic that goes through your network. A separate application definition allows you to configure multiple rules using the same application.

Application definitions also let you group applications, so that you can configure and reuse a single rule for multiple applications with similar characteristics and requirements. Using an application group means that you don’t have to repeat the application definition for each rule, which can reduce the number of rules significantly.

You can regulate access to applications using policy rules, as described in Policy controls.

Because an application can act as a target or a destination in a rule, you need to add the application definition in both directions. A rule with a source IP address looks only at the source IP address, so you need to create a rule that uses the destination IP for the reverse direction.

For convenient traffic rule and security policy creation, SCM predefines a number of application groups like Business or Web Services. When you use an application group in a traffic rule, a single rule can handle many applications based on similar properties. For example, the Business Voice application group classifies all traffic that requires low latency and a high queue priority.

Application groups simplify the configuration and minimize the number of rules needed, providing better scalability.

For details on traffic rules, see To create a traffic rule.

A web category catalog is available to include sites that aren’t covered by a specific application. You can add web categories to application groups.

This table describes some default application groups, web categories, and sample applications, but it does not provide an exhaustive list. See the Applications Group page for the most up-to-date app groups, web categories, and apps associated with a group.

SCM provides a constantly updated catalog of public applications that are available on the internet. For example, Facebook or Salesforce. Every catalog application is assigned to a default predefined application group.

The catalog provides an efficient and accurate way to identify applications for advanced classification of network traffic.

Creating a custom application means that you group together a set of criteria to match certain traffic. You define custom applications to set up access policies for internal services, or specific internet-based services. Internal applications are typically related to a registered server device or device group; however, you can also define applications based on zones, IP addresses, ports, or host/domain names.

After defining the application, you can use it in a rule that defines the policy for internal users and devices. In this example, you define a rule to allow the laptop administrator access to the RDP Active Directory server in the data center. For details, see Outbound and internal rules.

The Riverbed Deep Packet Inspection (DPI) engine can identify and classify business-critical and nonessential network traffic beginning with the first packet of the traffic flow. Some applications can be detected on the first packet; these applications are identified in the application catalog with “1st packet.” Other applications can only be detected after some data have been exchanged, usually on the fourth or fifth packet.

SteelHead SD appliances, SDI-2030 gateways, and SDI-5030 gateways take longer to apply security firewall rules using DPI. The TCP RST packet for a firewalled connection is sent only after DPI is complete. This ensures that a higher priority DPI-based firewall rule is honored correctly, rather than matching a lower priority IP/port-based firewall rule and incorrectly denying the connection. The DPI can take a while (up to 20 packets in SCM 2.11.1 and later) before SteelConnect applies the firewall rule for a given connection.

SteelHead SD appliances, SDI-2030 gateways, and SDI-5030 gateways have different traffic flow classification behavior than the SDI-130, SDI-330, and SDI-1030 gateways.

Group	Web categories	Content types	Sample applications and protocols
Business	Business / Economy Government / Legal Military Political / Activist Groups Computers / Internet Search Engines / Portals Job Search / Careers Real Estate Restaurants / Dining / Food Travel Vehicles Web Applications Web Hosting Translation Content Servers Greeting Cards Marketing Services Ecology / Nature Animals / Pets	Includes a wide range of applications focused on business use.	Captures apps such as Google Calendar, Google Maps / Google Earth, Salesforce, Wunderlist, DATEV.
Images/Photography	Open Image / Media Search Photo Searches	Includes photo and image searches, online photo albums, digital photo exchange, and image hosting.	Captures applications such as Flickr, Picasa, 500px.
Social Networking	Social Networking Personal Pages / Blogs	Includes websites that enable people to connect with others to form an online community. Instant messaging, file sharing and blogs are common features of social networking sites.	Captures applications such as Facebook, Twitter, Instagram, LinkedIn, Tinder, MySpace.
Video/Media/TV	Media Sharing TV / Video Streams	Includes websites that allow sharing of media and have a low risk of including objectionable content such as adult or pornographic material. Also includes websites that provide streams or downloads of television, movie, webcam, or other video content that exceeds 15 minutes.	Captures content such as Twitch, Hulu, Netflix, YouTube, Vimeo, Sky / SkyGo, Amazon Instant Video / Lovefilm, Online TV Recorder (OTR), Maxdone, Plex Media, MyVideo, SAVE.TV, and Zattoo TV.