SevOne

Hi all

Our SevOne receives flows from a Cisco SD-WAN environment and there is a bandwidth intensive application that SevOne will report as Unknown. We know the application representing these flows going by the destination IP address and TCP port characteristics. But we would really like to enable SevOne to know the application name rather than reporting as Unknown.

So far we have defined a custom application in NBAR that is running on the Cisco SD-WAN platform and the flow reporting within that platform correctly labels the traffic according to our custom application name.  How do we enable SevOne to also use this custom application name?

Thanks

I think you can go to Administration -> Flow Configuration -> Apps and Protocols and define this application given you know the IP and Port.

Hi all

Our SevOne receives flows from a Cisco SD-WAN environment and there is a bandwidth intensive application that SevOne will report as Unknown. We know the application representing these flows going by the destination IP address and TCP port characteristics. But we would really like to enable SevOne to know the application name rather than reporting as Unknown.

So far we have defined a custom application in NBAR that is running on the Cisco SD-WAN platform and the flow reporting within that platform correctly labels the traffic according to our custom application name.  How do we enable SevOne to also use this custom application name?

Thanks

Thanks Dave, if I understand correctly you have shared a view from 7.1. We are running an earlier version 6.8 which has a different navigation. The guide for 6.8 explains how to define new protocols and new services, but no reference to defining new applications. Would you think that the term "services" equates to an application?

I think you can go to Administration -> Flow Configuration -> Apps and Protocols and define this application given you know the IP and Port.

Hi all

Our SevOne receives flows from a Cisco SD-WAN environment and there is a bandwidth intensive application that SevOne will report as Unknown. We know the application representing these flows going by the destination IP address and TCP port characteristics. But we would really like to enable SevOne to know the application name rather than reporting as Unknown.

So far we have defined a custom application in NBAR that is running on the Cisco SD-WAN platform and the flow reporting within that platform correctly labels the traffic according to our custom application name.  How do we enable SevOne to also use this custom application name?

Thanks

Hi Greg,

In 6.8 apps are referred to as services.  In 7.0+ you will see a change where they are referred to as "apps".  You can add a new custom service (app) and then associate the ports and IP addresses of your systems to that service name.  You can also use an aggregation port (high port number e.g. (tcp/50000) to aggregate all traffic from various servers and ports to a single value -- useful if you want to get a picture of total volume across all service-related ports for that app.

Thanks Dave, if I understand correctly you have shared a view from 7.1. We are running an earlier version 6.8 which has a different navigation. The guide for 6.8 explains how to define new protocols and new services, but no reference to defining new applications. Would you think that the term "services" equates to an application?

I think you can go to Administration -> Flow Configuration -> Apps and Protocols and define this application given you know the IP and Port.

Hi all

Our SevOne receives flows from a Cisco SD-WAN environment and there is a bandwidth intensive application that SevOne will report as Unknown. We know the application representing these flows going by the destination IP address and TCP port characteristics. But we would really like to enable SevOne to know the application name rather than reporting as Unknown.

So far we have defined a custom application in NBAR that is running on the Cisco SD-WAN platform and the flow reporting within that platform correctly labels the traffic according to our custom application name.  How do we enable SevOne to also use this custom application name?

Thanks