Concept Guide
Table Of Contents
- About this Guide
- About Instant
- Setting up a W-IAP
- Automatic Retrieval of Configuration
- Instant User Interface
- Initial Configuration Tasks
- Customizing W-IAP Settings
- Modifying the W-IAP Host Name
- Configuring Zone Settings on a W-IAP
- Specifying a Method for Obtaining IP Address
- Configuring External Antenna
- Configuring Radio Profiles for a W-IAP
- Configuring Uplink VLAN for a W-IAP
- Changing the W-IAP Installation Mode
- Changing USB Port Status
- Master Election and Virtual Controller
- Adding a W-IAP to the Network
- Removing a W-IAP from the Network
- VLAN Configuration
- IPv6 Support
- Wireless Network Profiles
- Configuring Wireless Network Profiles
- Configuring Fast Roaming for Wireless Clients
- Configuring Modulation Rates on a WLAN SSID
- Multi-User-MIMO
- Management Frame Protection
- Disabling Short Preamble for Wireless Client
- Editing Status of a WLAN SSID Profile
- Editing a WLAN SSID Profile
- Deleting a WLAN SSID Profile
- Wired Profiles
- Captive Portal for Guest Access
- Understanding Captive Portal
- Configuring a WLAN SSID for Guest Access
- Configuring Wired Profile for Guest Access
- Configuring Internal Captive Portal for Guest Network
- Configuring External Captive Portal for a Guest Network
- Configuring Facebook Login
- Configuring Guest Logon Role and Access Rules for Guest Users
- Configuring Captive Portal Roles for an SSID
- Configuring Walled Garden Access
- Authentication and User Management
- Managing W-IAP Users
- Supported Authentication Methods
- Supported EAP Authentication Frameworks
- Configuring Authentication Servers
- Understanding Encryption Types
- Configuring Authentication Survivability
- Configuring 802.1X Authentication for a Network Profile
- Enabling 802.1X Supplicant Support
- Configuring MAC Authentication for a Network Profile
- Configuring MAC Authentication with 802.1X Authentication
- Configuring MAC Authentication with Captive Portal Authentication
- Configuring WISPr Authentication
- Blacklisting Clients
- Uploading Certificates
- Roles and Policies
- DHCP Configuration
- Configuring Time-Based Services
- Dynamic DNS Registration
- VPN Configuration
- IAP-VPN Deployment
- Adaptive Radio Management
- Deep Packet Inspection and Application Visibility
- Voice and Video
- Services
- Configuring AirGroup
- Configuring a W-IAP for RTLS Support
- Configuring a W-IAP for Analytics and Location Engine Support
- Managing BLE Beacons
- Clarity Live
- Configuring OpenDNS Credentials
- Integrating a W-IAP with Palo Alto Networks Firewall
- Integrating a W-IAP with an XML API Interface
- CALEA Integration and Lawful Intercept Compliance
- Cluster Security
- W-IAP Management and Monitoring
- Uplink Configuration
- Intrusion Detection
- Mesh W-IAP Configuration
- Mobility and Client Management
- Spectrum Monitor
- W-IAP Maintenance
- Monitoring Devices and Logs
- Hotspot Profiles
- ClearPass Guest Setup
- IAP-VPN Deployment Scenarios
- Acronyms and Abbreviations
Dell Networking W-Series Instant 6.5.1.0-4.3.1.0 | User Guide Deep Packet Inspection and Application Visibility | 261
Chapter 21
Deep Packet Inspection and Application Visibility
This chapter provides the following information:
l Deep Packet Inspection on page 261
l Enabling Application Visibility on page 261
l Application Visibility on page 262
l Enabling URL Visibility on page 267
l Configuring ACL Rules for Application and Application Categories on page 267
l Configuring Web Policy Enforcement Service on page 270
Deep Packet Inspection
AppRF is Dell's custom-built Layer 7 firewall capability. It consists of an onboard deep packet inspection and a
cloud-based Web Policy Enforcement (WPE) service that allows creating firewall policies based on types of
application. The WPE capabilities require the W-IAP to have a WPE subscription. For more information on
subscription, contact the Dell Sales Team.
W-IAPs with DPI capability analyze data packets to identify applications in use and allow you to create access
rules to determine client access to applications, application categories, web categories, and website URLs based
on web reputation. You can also define traffic-shaping policies such as bandwidth control and QoS per
application for client roles. For example, you can block bandwidth-monopolizing applications on a guest role
within an enterprise.
The AppRF feature provides application visibility for analyzing client traffic flow. W-IAPs support the power of
both in-device packet flow identification and dynamically updated cloud-based web categorization.
Enabling Application Visibility
Enabling AppRF visibility allows you to view the AppRF statistics for a W-IAP or the clients associated with a W-
IAP. Full URL visibility for HTTP sessions fed to Analytics and Location Engine (ALE)is exposed as northbound
APIs which can be consumed by URL analytical engines for advanced client URL data mining and analytics.
You can enable AppRF visibility by using the Instant UI or the CLI.
In the Instant UI
To enable AppRF:
1. Navigate to System > General.
2. Select All from the AppRF visibility drop-down list to view both application and web categories charts or
either App or WebCC to view their DPIgraphs separately.
3. Click OK.
In the CLI
To enable AppRF visibility:
(Instant AP)(config)# dpi [app|webcc]
(Instant AP)(config)# end
(Instant AP)# commit apply