Deep Packet Inspection (DPI) / Visibility

Deep Packet Inspection (DPI) / Visibility

Q: Is it possible to use the level 7 data from DPI for routing, QoS, and filtering policies?

A: Yes. Routing, QoS and Policies can be based on parameters of level 3, 4 and 7.

Q: What are the possibilities of inspection when SAP is used?

A: SAP proprietary application uses well known TCP port 3200, so, identification is easy. For SAP in the public cloud, please, see below about identification in public clouds.

Q: What are the possibilities of inspection when Citrix is used?

A: Citrix allows inspection with granularity at two levels, the first level consist in identifying various applications and the second level consists in identifying different levels of priority that may be necessary for transporting application information within a single application (Citrix provides 4 priority levels: for audio "Very High", "High" for the visual user interface, for MediaStream "Medium" and "Low" for printers and series and parallel ports). This last form of classification is the most interesting, since it provides a higher granularity and guarantees the necessary priority according to the criticality of the data transmitted. This second level is supported by the DPI (note, it requires to configure ICA in Multi-Stream mode, which implies the transmission of each priority level in a different TCP session).

Q: Would it be possible to identify applications in the public cloud such as Salesforce, Youtube, Facebook, etc.?

A: Applications in public cloud are not easy to identify as they use several simultaneous connections to distribute load and roles in different servers, then it is required to have predefined them. For instance, for Salesforce, identification is done by IP address, as indicated clicking here, for Microssoft365 identification is based on domain names and IP addresses and it is available here, in general, information is usually accessible from sources and third parties, for instance for Facebook.


Contact us