App Control Use Cases
703
SonicOS 5.8.1 Administrator Guide
the first byte in the packet is counted as number one (not zero). Decimal numbers are used
rather than hexadecimal to calculate offset and depth. Offset and depth associated with a
custom match object are calculated starting from the packet payload (the beginning of the TCP
or UDP payload). In this case, the offset is 1 and the depth is 3.
Now you can create a custom match object that uses this information.
In the Match Object Settings window, type a descriptive name for the object and then select
Custom Object from the Match Object Type drop-down list. Select the Enable Settings check
box. In the Offset text box, type 1 (the starting byte of the identifier). In the Depth text box, type
3 (the last byte of the identifier). You can leave the Payload Size set to the default. The Payload
Size is used to indicate the amount of data in the packet, but in this case we are only concerned
with the packet header.
For Input Representation, click Hexadecimal. In the Content text box, type the bytes as shown
by Wireshark: 474554. Do not use spaces in hexadecimal content.
The next step is to use this match object in an App Rules policy. In the App Control Policy
Settings window, type a descriptive policy name and select HTTP Client for the policy type. In
the Match Object drop-down list, select the match object that you just defined. Select a custom