How to configure DPI on Omada Gateway via Omada Controller

Knowledgebase
Configuration Guide
08-16-2024

Contents

Objective

Requirements

Introduction

Configuration

Conclusion

FAQ

Objective

This article introduces how DPI works and how to configure the function on the Omada Gateway via the Omada Controller.

Requirements

  • Omada Controller (Software Controller / Hardware Controller / Cloud-Based Controller)
  • Omada Gateway (DPI supported)

Introduction

Deep Packet Inspection (DPI) can help users identify, analyze, and control application-layer traffic in the network. The DPI engine includes the latest application recognition signatures to track which applications are using the most bandwidth. Users can better manage and distribute network traffic through DPI. When DPI is enabled, the device will send the forwarded traffic to the local DPI engine for analysis, so as to determine and identify the type of traffic. When Logging Traffic is enabled, the device will collect and save the results of traffic analysis.

Note: Enabling this function will decrease the number of clients. For OC200/220, the maximum client amount could be 500; For OC300, the maximum client amount could be 5000;For OC400, the maximum client amount could be 10000.

Configuration

Follow the steps below to configure DPI.

Step 1. Launch the Controller and go to Settings > Network Security > Application Control > Deep Packet Inspection. Enable Deep Packet Inspection. Note that enabling DPI only activates the inspection capability. If you need to block or control the traffic of certain applications, further configuration is required. Logging Traffic determines whether to record the DPI application statistics logs. Clear Data allows you to select and clear the logged DPI data records.

Path to configuration page of DPI feature

The Application List page allows you to view all the supported applications, as shown in the following figure.

A picture displays the applications can be limited by DPI feature.

Step 2. Go to Rules Management to create new App Rules. Click Create New Rule. Specify a time range for the rule to take effect in the Schedule field. When QoS is enabled, the applications in this rule will be added to the corresponding QoS class to limit their rate. In the Select Apps section, search and select one or more applications to add to the rule.

Path to configuration of application limitation

Step 3. Go to Application Filter and click Create New Application Filter. In the Select Rules section, select one or more rules created in Step 2.

Path to ediit application rules

Displaying the rule just created

Step 4. Go back to the Deep Packet Inspection page and configure the Restriction policy in the Assign Restriction section. Click Create New Assign Restriction and select the Network and the Application Filter created in Step 3 in the pop-up window. Click Confirm and the policy will take effect and block the applications.

Path to create new assign restriction

Step 5. If you have enabled Logging Traffic in Step 1, you can go to Statistics > Application Analytics to view the traffic statistics of different applications.

A page shows the traffics of multiple applications

  • In the Overview section, the pie chart represents the proportional breakdown of all types of network traffic. The information on the right displays the specific application types and their proportions.
  • The Categories section displays the detailed traffic information of specific applications under each category. Click on the traffic data or the More button to navigate to a more detailed statistics page. This will allow you to view the information about the specific devices that are accessing the applications.

The page for viewing the information about the specific devices that are accessing the applications.

Displaying type of traffic used by a client

  • The Apps section displays the traffic statistics on all the applications, including the allowed and blocked ones. Allow Apps provides traffic data information, while Block Apps displays block times.

Page of applications allowed by DPI feature

applications blocked by the DPI feature

  • The User section provides traffic statistics of all the connected clients in the network.

The User section provides traffic statistics of all the connected clients in the network.

Conclusion

Now you have configured DPI on the Omada Gateway and can view the traffic statistics of different applications and clients in the network.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

FAQ

Why does Application Analytics fail to display any traffic statistics even though I have configured DPI?

Re: Ensure that DPI and Logging Traffic is enabled on the gateway, and make sure that you are accessing the applications through the gateway. Generally, it takes around 5 minutes for the application traffic statistics to be reported to the Controller. Please note that if you use a local Controller (i.e. Software/Hardware Controller), the DPI application traffic is reported to the Controller through a specific port (TCP port 29815). In this case, check your local firewall policy to ensure that this port is not being blocked.

Please Rate this Document