The Application Visibility Signature Profiles Screen displays all configured Signature Profiles and is used to create, apply, edit, clone, and delete profiles. Signature Profiles are created from a Signature File, which contains Application Signature information for individual applications/protocols as well application groups (pre-configured groups of related applications/protocols). You create a Signature Profile by selecting one or more applications/application groups (or creating a custom group) that contain the applications/protocols you want to monitor/control. You then assign the Signature Profile to network switches. Multiple Signature Profiles can be created from a single Signature File, each containing a different combination applications/application groups. And a Signature Profile can be assigned to one or more switches. However, a switch can be assigned only one Signature Profile.
Note: Application/protocol traffic is monitored using the Analytics application. To view statistics on applications/protocols you have configured in a profile, go to the "Top N Applications - Advanced" Screen (Network - Analytics - Top N Applications - Advanced). Once you configure a profile and assign it to switches statistics for the applications/protocols in the profile are displayed in graphical and table format.
The Signature Profiles Screen displays all configured Signature Profiles. Click on a profile to display detailed profile information.
Signature Profiles are created from a Signature File, which contains application signature information for individual applications/protocols and application groups. You create a Signature Profile by selecting one or more applications/application groups (or creating a custom group) that contain the applications/protocols you want to monitor/control. The Signature Profile Wizard guides you through the steps to create a profile.
There must be at least one application/application group in a profile. In addition to monitoring groups, you can also create enforcement groups using the "Create Signature Profile" Wizard. Click the Create icon to create a new profile. The "Create Signature Profile" Wizard appears. Complete the screens as described below. After creating a profile, you must apply it to switches/ports in the network.
Click on the Add icon to bring up the Create Signature Profile Wizard. The wizard guides you through creating a Signature Profile containing both monitoring groups and enforcement groups. You can create monitoring groups only, without creating enforcement groups. However to configure enforcement, you must configure an enforcement group in the wizard. For enforcement, you then create an Application Visibility Policy List that you use to configure an Access Role Profile. Complete the screens in the wizard as described below, then click on the Create Profile button.
Enter a Profile Name. Enter a name describing the profile you are creating (e.g., 6860 Profile). You can also enter a profile Description. Click Next.
Select a Signature File. LAN Devices (e.g., AppSig.upgrade_kit_1), APs use the AppSig.upgrade_kit Files. You can only select one Signature File at a time. If your network contains both LAN Device and APs, repeat to apply Signature Files to each device type. After selecting a Signature File, click Next.
To select Monitoring Groups, click on Groups, then click on the Choose App Groups button. Select the groups you want to include in the profile, and click OK. You can also create a custom Application Group to include only those applications that you want to monitor by clicking on the Create App Group button. Enter an Application Group Name and Description, select the applications you want to include in the group, and click OK.
To select Monitoring Applications, click on Applications, then click on the Choose Apps button. Select the applications you want to include in the profile, and click OK. Note that if an application is included in a group, you cannot configure it individually.
At this point, you can click on the Create Profile button to just create a Monitoring Profile, or click the Next button to configure an Enforcement Profile.
To select Bandwidth/Enforcement Groups, click on Groups, then click on the Choose App Groups button. Select the groups you want to include in the profile, and click OK. You can also create a custom Application Group to include only those applications that you want to monitor by clicking on the Create App Group button. Enter an Application Group Name and Description, select the applications you want to include in the group, and click OK.
To create bandwidth enforcement policies, click on the link next to ACL/QoS and configure a policy. To configure an Access Role Policy, click on the link next to Access Role Profile and select a profile from the drop-down list.
To select Bandwidth/Enforcement Applications, click on Applications, then click on the Choose Apps button. select the applications you want to include in the profile and click OK. Note that if an application is included in a group, you cannot configure it individually.
To create bandwidth enforcement policies, click on the link next to ACL/QoS and configure a policy. To configure an Access Role Policy, click on the link next to Access Role Profile and select a profile from the drop-down list.
Note: When you configure an Access Role Profile this workflow will not assign the selected Access Role Profile to the devices. You must first assign the Access Role Profile to the devices from Unified Profile Application. All users having the Access Role Profile will be affected.
When you are finished, click on the Create Profile button.
The profile creation is complete and can be used to create reports for monitoring the applications in the profile using the Analytics Application. To configure application enforcement, and create Application Count Reports in the Analytics application, you must create an Application Visibility Policy List using Signature File Groups; and create an Access Role Profile using the Policy List.
From the Signature Files Management Screen, click on an Upgrade Kit to display the Signature Files. Select a Signature File and click on the Edit icon. You can edit the Profile Name, Description, and Application Groups as described above. When you are done editing, click on the OK button. After editing the profile, you must apply it to switches/ports in the network. Note that you cannot edit a Default Profile.
You can clone an existing profile and edit it to create a new profile. Note that when you import a Signature File, a Default Profile is created and appears in the Signature Profiles Table. These profiles contain all of the applications/application groups for each file type. You can create a new profile from scratch as described below, or you can clone one of the default profiles and modify it to create a new profile. To clone and modify a Default Profile, select the profile and click on the Clone icon. The "Create Signature Profile Wizard" appears. Use the wizard to modify the default profile to create a new one.
1. Select a Signature File and click the Clone icon.
2. Edit the profile as described above and click the OK button.
3. Apply the profile to switches/ports in the network.
After creating/editing/cloning a profile, you must apply it to devices/ports in the network. Select the Signature Profile and click on the Apply to Devices button at the top of the screen. The Apply to Devices Screen will appear.
1. Select the AOS Devices/AP Groups to which you want to assign the profile. Only devices/AP Groups without an applied Signature Profile that support the profile type you are applying are displayed (e.g., OS6860/APs are displayed for a profile created with an OS6860/AP Signature File).
2. For AOS Devices, click on the "Add Port" Link under each device to select device ports. (Only OS6860N switches running 8.7R2, or higher, support Application Visibility configuration on link aggregate member ports; OS6860/6860E switches do not.)
3. Click on the Apply button. The progress is displayed on the Action Results Screen. Click OK to return to the Signature Profiles Screen.
Note: You can only assign one (1) Signature Profile to a device/AP Group. Also, when you apply a Signature Profile, any pre-existing Application Visibility configuration on a device is erased and the new profile configuration is used, including any Application Visibility configuration done from the CLI.
Note: If a Signature Profile is applied to an AP Group that contains APs that do not support Application Visibility, (AP1101, AP1201L, AP1201H, AP1201HL, AP1201BG), the profile will not be applied to those APs. If none of the APs in the group support Application Visibility, the profile apply operation will still succeed. If a new AP that supports Application Visibility is added to the group at a later date, the profile will automatically be applied to that AP.
Note: To apply a new profile to a switch with an existing profile, you must first remove the old profile from the switch before assigning the new one.
As mentioned above, when applying a profile, only supported Devices/AP Groups without an assigned Signature Profile are displayed. If you want to apply a different profile to a Device/AP Group, you must first remove the old profile before applying a new one. The process is similar to applying a profile. Select the Signature Profile you want to remove from a Device/AP Group and click on the Apply to Devices button. The Devices/AP Groups to which the profile has been applied are displayed in the List of Selected Devices Table. Select a Device/AP Group and click on REMOVE. Click on the Apply button.
To delete a profile, select it and click on the Delete icon. Click OK at the confirmation prompt. Note that you cannot delete a Signature Profile that has been applied to devices on the network. You must first remove the profile from any devices before deleting it.