Manualshelf

Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(
241242243244245246247248249250
Aruba Instant 6.4.0.2-4.1 | User Guide Deep Packet Inspection and Application Visibility | 242
Chapter 17
Deep Packet Inspection and Application Visibility
This chapter provides the following information:
l Deep Packet Inspection on page 242
l Enabling Application Visibility on page 242
l Application Visibility on page 243
l Configuring Access Rules for Application and Application Categories on page 247
l Configuring Web Policy Enforcement on page 250
Deep Packet Inspection
AppRF is Aruba's custom built Layer 7 firewall capability. It comprises of an on-board deep packet inspection and a
cloud-based Web Policy Enforcement service that allows creating firewall policies based on types of application.
The web policy enforcement capabilities require the IAP to have a web policy enforcement subscription. Please
contact the Aruba Sales Team.
IAPs with DPI capability analyze data packets to identify applications in-use and allow you to create access rules to
determine client access to applications, application categories, web categories and website URLs based on security
ratings. You can also define traffic shaping policies such as bandwidth control and QoS per application for client
roles. For example, you can block bandwidth monopolizing applications on a guest role within an enterprise.
The AppRF feature provides application visibility for analyzing client traffic flow. IAPs support both the power of in-
device packet flow identification and dynamically updated cloud-based web categorization.
To view the graphs, set the AppRF visibility option in the System window to Enabled. For more information on DPI
ACLs and AppRF visibility, see the following topics:
Enabling Application Visibility
Enabling AppRF visibility allows you to view the AppRF statistics for an IAP or the clients associated with an IAP.
When visibility is enabled, the AppRF link appears on the dashboard area of the main window. On clicking this link,
you can view the client traffic flow based on the enforcements.
You can enable AppRF visibility through the Instant UI or CLI:
In the Instant UI
1. Navigate to System>General.
2. Select Enabled from the AppRF visibility drop-down.
3. Click OK.
In the CLI
To enable AppRF visibility:
(Instant AP)(config)# dpi
(Instant AP)(config)# end
(Instant AP)# commit apply