dpi_filter.rst

File metadata and controls

53 lines (34 loc) · 2.87 KB

===================================
Deep Packet Inspection (DPI) filter
===================================

NethSecurity uses the Netify Agent to employ Deep Packet Inspection (DPI) techniques for filtering network traffic.

The Netify Agent is a deep packet inspection server built on nDPI (formerly OpenDPI) that identifies the protocol and application of each flow. Detection results can be stored locally, read through UNIX or TCP sockets, or sent via HTTP POST to a remote third-party server. The flow metadata, network statistics, and detection classification it produces are what the firewall uses to decide what to do with a flow.

Here's how it operates:

* the Netify flow actions plugin assigns labels to matching connections
* nft rules then either block the connection or adjust its priority (DSCP) based on these labels

The administrator can create Deep Packet Inspection (DPI) rules for each interface.

Configuration
-------------

To create a rule, the administrator first selects the network interface the rule should operate on. Because rules are bound to an interface, each one applies only to that segment of the network.

After selecting the interface, the administrator specifies which applications are to be blocked or regulated, choosing them from the list of applications the system interface provides.

By default the interface shows a catalog of commonly used applications. An advanced search function lets the administrator find specific applications and application categories beyond that default list.

Premium application signatures
------------------------------

.. admonition:: Subscription required

   This feature is available only if the firewall has a valid :ref:`Community or Enterprise subscription <subscription-section>`.

Without a subscription, the system recognizes a baseline of approximately 400 applications. With an active subscription this grows to around 3000 applications, and the list of recognized applications is updated daily so that new applications and digital services are detected as they appear.

Exceptions
----------

DPI exceptions exclude specific network addresses, such as the gateway or other critical infrastructure, from the filter so that their traffic is never blocked.

To add a new exception, click the Add exception button. Enter the IP address that should be exempted from the filter. You can include a description explaining the reason for the exclusion.

Each exception can be enabled or disabled as desired.
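The following script is an added illustration of the two mechanisms described on this page, the label-driven nft rules in the overview and the address exceptions in this section; it is not NethSecurity or Netify code. It assumes that the flow actions plugin tags each labelled connection with a conntrack mark (the mark values ``0x10``/``0x20``, the interface name ``br-lan`` and the exempt addresses are constructed placeholders), and it renders an nftables ruleset in which exempt addresses are returned from the chain before any label rule can drop or re-prioritise them.

```shell
#!/bin/sh
# Added example (not NethSecurity's or Netify's own code): render an nftables
# ruleset that enforces DPI labels on a single interface and honours a list
# of exempt addresses. Assumption: the flow actions plugin stores its label
# in the conntrack mark; mark values below are placeholders.

# dpi_ruleset IFACE EXEMPT_LIST POLICY
#   IFACE        interface the rules are bound to (e.g. br-lan, placeholder)
#   EXEMPT_LIST  comma-separated IPv4 addresses that must never be filtered
#   POLICY       newline-separated "<ct mark> <action>" pairs, where action is
#                "drop" or "dscp:<class>" (e.g. dscp:cs1)
dpi_ruleset() {
    iface="$1"
    exempt="$2"
    policy="$3"

    printf 'table inet dpi {\n'
    # Exceptions live in a set so they can be updated without rewriting rules.
    printf '  set exempt {\n    type ipv4_addr\n    elements = { %s }\n  }\n' "$exempt"
    printf '  chain forward {\n'
    printf '    type filter hook forward priority mangle; policy accept;\n'
    # The rule set applies only to the interface the administrator selected.
    printf '    iifname != "%s" return\n' "$iface"
    # Exceptions are evaluated first: exempt hosts are neither blocked nor
    # re-prioritised, whatever label the DPI engine assigned to the flow.
    printf '    ip saddr @exempt return\n'
    printf '    ip daddr @exempt return\n'
    # One rule per label: block, or rewrite the DSCP field for prioritisation.
    while read -r mark action; do
        if [ -z "$mark" ]; then continue; fi
        case "$action" in
            drop)   printf '    ct mark %s counter drop\n' "$mark" ;;
            dscp:*) printf '    ct mark %s ip dscp set %s\n' "$mark" "${action#dscp:}" ;;
            *)      printf 'dpi_ruleset: unknown action "%s"\n' "$action" >&2; return 1 ;;
        esac
    done <<EOF
$policy
EOF
    printf '  }\n}\n'
}

# Stand-alone usage: print the ruleset for a constructed policy.
dpi_ruleset br-lan "192.0.2.1, 192.0.2.2" "0x10 drop
0x20 dscp:cs1"
```

To load the generated ruleset on a host with nftables, pipe the output into ``nft -f -``. The ordering matters: the interface check and the two ``@exempt`` rules sit above every label rule, which is exactly the property the exceptions feature relies on, and the rejected-action branch makes the function fail loudly instead of silently emitting a chain with a hole in it.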