This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Creating a custom fingerprint with IP as server

Creating a custom fingerprint with IP as server

Chad5
Contributor

‎10-17-2022 12:22 PM

Hi All,

Trying to create a new analytics fingerprint where it will classify flows based on the IP being the server in the flow. In my testing now, it seems that it will classify the flow as the new custom fingerprint regardless if it's client or server.

Thanks for any help,

0 Kudos
1 REPLY 1

Zdeněk_Pala
Extreme Employee

‎10-25-2022 06:58 AM

Hi Chad

here is an example of the signature that should do the similar task to what you want:

 

  <Signature protocol="tcp" name="APP:MY-TEST" confidence="30" group="streaming" onAP="yes" createdDate="2013101100" modifiedDate="2013101100">
    <AppID>99999</AppID>
    <DisplayName value="MY-TEST"/>
    <ExtendedLanguage dst-ip="12.34.56.0" dst-mask="22">
        </ExtendedLanguage>
    <Description><![CDATA[This fingerprint looks for IP traffic in the 12.34.56/22 range]]></Description>
    <Enabled value="yes"/>
  </Signature>

You should:

  1. Backup your configuration
  2. Create new fingerprint by GUI
  3. Investigate the APPID of your fingerprint
  4. Hold CTRL while clicking on the hamburger menu and select "Create Fingerprint from XML..."
  5. Then insert your XML based fingerprint.

Be aware this is not an officially supported procedure = you can crash your system if you insert garbage

 

 

Regards Zdeněk Pala
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN