Perhaps this should be a feature request, but I feel like I am just doing this wrong.
I have an application, GE Centricity, which likes to use a wide range of ports from 6000-6060. Sometimes it is talking directly to one of two servers. Since those two servers only run this one application, I can easily make a Fingerprint based on *address*. However - this application also loves to broadcast (yuck) and since the source IP can be one of a dozen VLAN's on my wireless network, and the destination is going to be *something* ending in 255 ... that leaves me a little lost.
I am trying to define a Fingerprint for a port range but I don't see a way to do that. What is the preferred method to handle this? Should I create 60 different rules, one for each port number, but all with the same application name and application group? Seems like the wrong way to do it.
EDIT: Here are some flow example screenies' ...
I have an application, GE Centricity, which likes to use a wide range of ports from 6000-6060. Sometimes it is talking directly to one of two servers. Since those two servers only run this one application, I can easily make a Fingerprint based on *address*. However - this application also loves to broadcast (yuck) and since the source IP can be one of a dozen VLAN's on my wireless network, and the destination is going to be *something* ending in 255 ... that leaves me a little lost.
I am trying to define a Fingerprint for a port range but I don't see a way to do that. What is the preferred method to handle this? Should I create 60 different rules, one for each port number, but all with the same application name and application group? Seems like the wrong way to do it.
EDIT: Here are some flow example screenies' ...
