ExtremeCloud Layer 7 not Working ?

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
I ́m building current my first ExtremeCloud Solution in our Demo Lab and wanted to test the "App Filter"
I have created a Network with an own SSID + WPA2 and a own Role. The Role does contain only 2 rules .. "First Rule .. "deny Application Facebook"  Second rule .. "let pass all the other traffice" .... but after 10 minutes waiting .. i can surf to Facebook .. and post there without Problem. Has anyone of you already testet this "App Filter" and it worked ??
Photo of info@systemhaus-genthin.de

Posted 2 years ago

  • 0
  • 1
Photo of Pala, Zdenek

Pala, Zdenek, Employee

  • 10,186 Points 10k badge 2x thumb
Dropbox worked for me. I have not tries facebook yer.
ok .. i will try dropbox and give a reply
it don ́t work for me .. with  this simple stupid config, containing only 2 rules .. the user can Sync his dropbox .. and that should not work .. can anybody explain why ?
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,288 Points 50k badge 2x thumb
Is the AP synced with the cloud config i.e. mine isn't = * right beside the AP name...

Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,288 Points 50k badge 2x thumb
Also check in >Clients, does the client has the right role.
I've changed the role in the network but the client still show the old/default allow role.
thx for the Reply .. but i have checked this .. the Client has the configured Role with the 2 rules that should block dropbox .... :-(

And of Course .. AP is synced :-)

Edith says :

it ́s a brand new 3912 AP .. perhaps .. Extrem has forgotten to activate policys .. into this device ... :-(
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 51,288 Points 50k badge 2x thumb
weird, mine is working = can't load any instagram's on my iphone app... even it took a while till the config was synced.

I've add/remove the client from the blacklist to force my role change.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 13,792 Points 10k badge 2x thumb
Application identification needs to see a few packets before it starts blocking, the initial Dropbox connection might slip through. Did you test to sync a file bigger than about 25KB?
Photo of Umut Aydin

Umut Aydin, Escalation Support Engineer

  • 2,300 Points 2k badge 2x thumb
Cloud 3.21.03 is released.
There is some fixes here.
Please look if this is working for you.


Umut Aydin
we already have there the 3.21.03.-9
.... gave my holy breakfest siesta to this problem :-)
I think it ́s a Problem of the new AP3912 ... i have today tested an other AP 3935i .. and have used the same role .. and there it works ..  "official all 39XX AP support Policy and Layer 7 Filtering" but i think the new AP3912 dont know this
i will open a case to get an official Statement wether a 3912 is working with Layer 7 Filterung or not .
Photo of Thomas Borrel

Thomas Borrel, Employee

  • 480 Points 250 badge 2x thumb
Thank you for bringing this to our attention. ExtremeCloud will support the AP3912i in our next release, currently scheduled for the end of this month (February). Let's connect offline as this is most likely why you are having issues with application filters on this AP model
Photo of Paulo Francisco

Paulo Francisco, Employee

  • 1,534 Points 1k badge 2x thumb

In terms of applicaton signatures, please keep in mind as well that while Application providers (Facebook, ....) strive to provide a constant look and feel across various platforms, the actual underlying implementations very significantly from one platform to another. This is due to the characteristics of the underlying OS, APIs and mechanism available, content delivery capabilities and restrictions, commercial agreements and sometimes just software maintenance changes, the application streams will vary significantly from one platform to another - mostly invisible to the end user. We strive to keep our signature sets as accurate as possible and rollout new updates when available in the AP firmware. Latest signature sets have been rolled out with ExtremeWireless(TM) 10.21.01.

The latest ExtremeCloud(TM) 3.21.03 upgrade is currently rolling out the upgrade of managed and supported access points to ExtremeWireless v10.21.02. May take several days for all APs to be at that newer release (from 10.04.01). Please check the version of your managed AP and try again once your APs are at the latest firmware revision.