Application filters (app-filter) are provided as an indirection between protocols and applications to allow the addition of variable parameters (port number, IP addresses, and so on) into an application definition. An application filter is a numbered rule entry that uses protocol signatures and other criteria to define an application. Multiple rules can be used to define what constitutes an application, but each rule maps to only one application definition.
The system concept of application filters is similar to IP filters. A flow can match multiple rules; this is resolved by picking the matching rule with the lowest entry number. A flow is only ever assigned to one application.
The following criteria can be assigned to an application filter rule entry:
unique entry ID number
application name
flow setup direction
server IP address (or server IP filter list)
HTTP port (or HTTP port list) used by HTTP proxies
server port (or server port list)
protocol signature
IP protocol number
string matches against Layer 5+ protocol header fields (for example, a string expression against HTTP header fields)
The application must be preconfigured before it is used in an app-filter. After an application is defined, its name can be referenced.
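The following Python model is an added example, not vendor code or CLI syntax. It evaluates a subset of the criteria listed above and shows how the lowest-entry-number rule decides which application a flow is assigned to, including a broad low-numbered entry taking a flow that a more specific higher-numbered entry also matches. The class, field names, application names, addresses and flows are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class AppFilter:
    entry: int                               # unique entry ID number
    application: str                         # application name
    protocol: Optional[str] = None           # protocol signature
    server_net: Optional[str] = None         # server IP address or prefix
    server_ports: Optional[frozenset] = None # server port or port list
    http_host: Optional[str] = None          # substring match on the HTTP Host header

    def matches(self, flow):
        """Every criterion that is set must match; unset criteria are wildcards."""
        return all((
            self.protocol is None or flow.get("protocol") == self.protocol,
            self.server_net is None or ipaddress.ip_address(flow["server_ip"])
                in ipaddress.ip_network(self.server_net),
            self.server_ports is None or flow.get("server_port") in self.server_ports,
            self.http_host is None or self.http_host in flow.get("http_host", ""),
        ))

def classify(filters, applications, flow):
    """Return (application, matching entry IDs); the lowest matching entry wins."""
    by_entry = {f.entry: f for f in filters}
    if len(by_entry) != len(filters):
        raise ValueError("entry ID numbers must be unique")
    undefined = [f.entry for f in filters if f.application not in applications]
    if undefined:
        raise ValueError(f"entries {undefined} reference an undefined application")
    hits = sorted(e for e, f in by_entry.items() if f.matches(flow))
    return (by_entry[hits[0]].application if hits else None), hits

# Constructed sample policy and flows (names, addresses and ports are made up).
APPS = {"Web", "Software Update", "Internal Portal"}
FILTERS = [
    AppFilter(100, "Web", protocol="http"),
    AppFilter(50, "Software Update", protocol="http", http_host="updates.example.test"),
    AppFilter(200, "Internal Portal", protocol="http", server_net="192.0.2.0/24",
              server_ports=frozenset({8080})),
]
UPDATE = {"protocol": "http", "server_ip": "198.51.100.7", "server_port": 80,
          "http_host": "updates.example.test"}
PORTAL = {"protocol": "http", "server_ip": "192.0.2.10", "server_port": 8080,
          "http_host": "portal.example.test"}
```

With this sample, classify(FILTERS, APPS, PORTAL) assigns the flow to "Web" because entry 100 is numbered lower than the more specific entry 200. A second element listing more than one matching entry identifies a flow whose classification depends on entry order.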