No recent application signature updates

  • 1
  • Question
  • Updated 3 years ago
The current version of application signatures for us is 4.0.6 from 11/14/2014.  In 2014, we had 3 different updates...this year there have been none.  Surely there have been updates in traffic types that would require regular updates.  Is Aerohive looking at using a different provider for app signatures?
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes

Posted 3 years ago

  • 1
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
HiveOS uses an embedded copy of the NAVL library for its AVC purposes:

http://www.proceranetworks.com/deep-packet-inspection

https://www.youtube.com/watch?v=dpOghFYm_BY

I'd expect there to be an update for the signatures when 6.5r3 becomes available.

Historically, signature updates have come with an accompanying HiveOS release.

The base signatures that Aerohive use are provided and maintained by Procera.

-----

I'm also curious about the management of signatures when using HM-NG as there appears to be no ability to see the version of the signatures installed or an ability to manually upload them. It may be automated, but I'm as yet unaware of a CLI command to show the version of the signatures installed to verify what's going on. (Short of moving an AP back to classic HM, I'm not yet sure how to verify.)

I am a little surprised that "show version detail" doesn't give us the L7 signature version and also show the full version information of the backup HiveOS.

(Trivia: There's an image header that is relatively easily parsed on a HiveOS image, it's easily observable in binary form in a hex editor and you can pick out salient bits of information that are in ASCII just by looking at the character mapped display.)
(Edited)
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
My main problem with this is that my top application by usage is HTTP. (It's 3x the amount of traffic of my #2 which is Netflix.)  I understand that SSL traffic is all lumped into one category, but do I have that much HTTP traffic that is unidentified?
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
The most recent version is 4.0.8, which came with HM 6.6.

I believe you can download the signature file from the support portal.
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
We are on version 6.6r1 of HiveManager Online (server retail-useast-02) and when I try to "Upload and Activate Application Signatures", the latest version is listed as 4.0.6 (11/14/2014).  Are you saying that I need to download the signature file from the support portal and then upload it to my Hivemanager?  I don't recall ever doing that before. 
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
It should be available to you. I will check with support as to why it is not showing on your server.
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
Thanks.
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Support uploaded the AP230 and AP330 signatures to that server. There does not appear to be one available for AP121, since there is no HiveOS 6.6 for that platform. 
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
I seem them now.  Thanks!
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
You can certainly do it via the CLI, Van if that's an acceptable workaround?

I suspect it's not yet been uploaded by the HMOL team.
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
We are not going to upload signatures to 500 access points via the cli...kind of defeats the purpose of having centralized management.
Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Sounds like a fun evening to me! ;)
Photo of Van Jones

Van Jones

  • 75 Posts
  • 4 Reply Likes
I think it's time for you to take a vacation.  :)