Hot!"Failed to save changes" when creating a custom application signature

Author
Sean Whalen
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/07/17 15:09:32
  • Location: USA
  • Status: offline
2019/06/14 12:06:18 (permalink)
0

"Failed to save changes" when creating a custom application signature

I'm trying to create a new application signature for the game Fallout 76, which uses the UDP port 3000

F-SBID( --name "game.fallout76"; --protocol udp; --dest_port=3000;)

But get an error saying "Failed to save changes" when I click OK. Why?
#1

6 Replies Related Threads

    tanr
    Platinum Member
    • Total Posts : 680
    • Scores: 31
    • Reward points: 0
    • Joined: 2016/05/09 17:09:43
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/14 12:34:17 (permalink)
    0
    Is it supposed to be dst_port, not dest_port?
    #2
    ede_pfau
    Expert Member
    • Total Posts : 6025
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/14 12:45:43 (permalink)
    0
    It's 'dst-port'.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #3
    Sean Whalen
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/07/17 15:09:32
    • Location: USA
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/14 13:07:32 (permalink)
    0
    Opps. It should be dst_port, but even after changing that, it still gives the same error
    #4
    ede_pfau
    Expert Member
    • Total Posts : 6025
    • Scores: 480
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/14 13:37:35 (permalink)
    0
    OK, I've got it working.
    First, the option "attack_id" is needed. Value between 1000 and 9999.
    Then, I masked the quotation marks in the name (as per CLI).
    Then, it must be "--dst_port 3000", that is, no equal sign between option and value.
     
    So,
    config ips custom
        edit "test"
            set signature "F-SBID( --attack_id 1666; --name \"game.fallout76\"; --protocol udp; --dst_port 3000;)"
            set comment ''
     
        next
    end

    How did I find out?

     
    diag debug enable
     
    diag debug cli 7
    Then, enter the lines and type "next". Syntax check is done at this moment.
    For example,
    Error:
    Line 1 offset 68 option "dst_port=3000" value ""
    protocol udp; --dst_port=3000;)
    unknown option:dst_port=3000
    parse custom rule error
    object set operator error, -2 discard the setting
    Command fail. Return code 1

    post edited by ede_pfau - 2019/06/14 13:39:54

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #5
    Sean Whalen
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/07/17 15:09:32
    • Location: USA
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/15 10:20:52 (permalink)
    0
    It's not an IPS rule though, it needs to be a custom application control rule.
    #6
    Sean Whalen
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/07/17 15:09:32
    • Location: USA
    • Status: offline
    Re: "Failed to save changes" when creating a custom application signature 2019/06/15 10:35:43 (permalink)
    0
    I figured it out :)


    config application custom
        edit "Fallout 76"
            set comment ''
            set signature "F-SBID(--name \"game.fallout76\"; --protocol udp; --dst_port 3000:3001;)"
            set category 8
            set protocol UDP
            set technology Client-Server
            set vendor Other
        next
    end

     
    post edited by Sean Whalen - 2019/06/15 11:32:42
    #7
    Jump to:
    © 2019 APG vNext Commercial Version 5.5