Deep Packet Inspection (DPI) filter

NethSecurity uses the Netify Agent to employ Deep Packet Inspection (DPI) techniques for filtering network traffic.

The Netify Agent functions as a deep-packet inspection server, leveraging nDPI (formerly OpenDPI) to identify network protocols and applications. Detected information can be stored locally, accessed through UNIX or TCP sockets, or sent via HTTP POSTs to a remote third-party server. Details such as flow metadata, network statistics, and detection classifications can be used to take decision on the flow.

Here’s how it operates:

• the Netify flow actions plugin assigns labels to matching connections

• nft rules can then either block or adjust priority (DSCP) for connections based on these labels

The administrator can create Deep Packet Inspection (DPI) rules for each interface.

Configuration

To configure these rules, the administrator initiates the process by selecting the particular network interface on which the rule is intended to operate. This step ensures that the rule is precisely applied to the designated segment of the network, allowing for targeted and effective management of network traffic.

Following the selection of the interface, the administrator is prompted to specify the applications that are to be blocked or regulated. This essential step involves choosing from a comprehensive list of applications accessible through the system interface.

The interface, as a default feature, presents a catalog of commonly used applications. However, it provides an advanced search functionality enabling the administrator to explore and pinpoint specific applications and application categories that require special attention.

Premium application signatures

Enterprise subscription required

This feature is available only if the firewall has a valid enterprise subscription.

It’s noteworthy that the number of applications that can be identified and managed by the system is influenced by the presence of an active Enterprise subscription. In the absence of a subscription, the system inherently recognizes a baseline of approximately 400 applications. However, with an active subscription, this capacity significantly expands, encompassing around 3000 applications. In this scenario, the list of recognized applications undergoes daily updates, ensuring that the system stays abreast of the ever-evolving landscape of applications and digital services.

Exceptions

DPI exclusion allows for the exclusion of specific network addresses, such as the gateway or other critical infrastructure, preventing them from being blocked.

To add a new exception, click the Add exception button. Enter the IP address that should be exempted from the filter. You can include a description explaining the reason for the exclusion.

Each exception can be enabled or disabled as desired.