[IAG] Custom application matching does not take effect

Problem Description

The user customized an application to match a domain name, all IP addresses, and the direction is lan-wan. In actual use, the traffic of several users accessing the domain name cannot be matched to the customized application.

Effective troubleshooting steps

1. Check the configuration and confirm that the custom application configured by the customer is correct;
   
2. Check DNS to confirm that the domain name is consistent with the IP address resolved by the terminal;
   
3. When coordinating with the customer's intranet PC to use the ssh function to test the target domain name port, check the connection monitoring and behavior logs, and the non-customized application can be identified normally;
4. When the customer actually uses the domain name through the client, the traffic is still misidentified;
5. Capture the optimization package and debug the firewall to check if the application is incorrectly identified;
   
6. Capture data packets and feedback to the R&D department for playback test to check if there is a connection initiated from wan-lan;

solution

When the customer uses the client to connect to this custom application, there is a connection in the wan-lan direction. This part of the traffic cannot be matched to the custom application. After changing the direction of the custom application to lan-wan bidirectional connections and matching them, the test can match the custom application normally.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=23971&isOpen=true