L7 does not trigger

bakkerl · December 16, 2011, 1:15pm

Hello,

For some filtering i need L7 filtering.. This filter should be triggerd on all webbrowser communication and i created the following L7 protocol:

/ip firewall layer7-protocol
add name=Webbrowser regexp="User-Agent: [Mm]ozilla"

In combination with:

/ip firewall filter
add action=log chain=forward comment="Browser test" disabled=no dst-address=\
    192.168.10.10 layer7-protocol=Webbrowser log-prefix="Webbrowser (dest)"
add action=log chain=forward comment="Browser test" disabled=no \
    layer7-protocol=Webbrowser log-prefix="Webbrowser (source)" src-address=\
    192.168.10.10

I would expect some log lines if i am browsing to a service where the traffic is forwarded by this RB.

What am i doing wrong?

jandafields · December 21, 2011, 2:59am

bakkerl:

Hello,

For some filtering i need L7 filtering.. This filter should be triggerd on all webbrowser communication and i created the following L7 protocol:
/ip firewall layer7-protocol
add name=Webbrowser regexp="User-Agent: [Mm]ozilla"
In combination with:
/ip firewall filter
add action=log chain=forward comment="Browser test" disabled=no dst-address=\
    192.168.10.10 layer7-protocol=Webbrowser log-prefix="Webbrowser (dest)"
add action=log chain=forward comment="Browser test" disabled=no \
    layer7-protocol=Webbrowser log-prefix="Webbrowser (source)" src-address=\
    192.168.10.10
I would expect some log lines if i am browsing to a service where the traffic is forwarded by this RB.

What am i doing wrong?

Do a wireshark cap and see if that expression is exactly coming through like that User-Agent: Mozilla and that it isn’t perhaps slightly different.