1 Reply Latest reply on Mar 19, 2010 11:59 AM by smartd

    Trying to see "On Net" HTTP traffice using Application Definitions

    smartd

      I tried to create a new Application for HTTP that has source and destination "on-net"  (172.16.0.0/12 & 10.0.0.0/8) using address groups.

      It appears that Source and Destination work as a logical "OR" not a logical "AND".  Is this true, and is there a way to change this behavior?

      -=Dan=-

        • Re: Trying to see "On Net" HTTP traffice using Application Definitions
          smartd

          OK, I see that it appears as a logical "AND", which is what I want.

          What I'm trying to do is get one rule that detects traffic sourced and destined on-net.  That works.  The other rule needs to show all OTHER HTTP traffic.  That doesn't seem to work right, as there is an UNMANGAGED port 80 that shows a ton of traffic.  I'm obviously doing something wrong.

          Addresses:

          ON-Net "172.16.0.0/12, 10.0.0/8"
          Not-ON-Net "1.0.0.0-9.255.255.255, 11.0.0.0-172.15.255.255, 172.32.0.0-255.255.255.255"

          Applications

          HTTP-OnNet  Port 80 Proto TCP Source ON-Net Destination ON-Net
          HTTP  Port 80 Proto TCP  Source ON-Net Destination Not-On-Net
          HTTP-UDP  Port 80 Proto UDP  Source Any Destination Any