This video will give you a quick introduction to Ubiquiti’s Deep Packet Inspection before we begin building firewall rules with it.
From the Ubiquiti Site:
Compared to traditional packet analysis tools which only give a glimpse of packet information such as port number and IP address, Deep Packet Inspection is a method used to analyze the actual data contents in the IP packet, in some cases even encrypted traffic.
When enabled (whether via GUI or CLI), the DPI engine drills down to the core of the packet, collecting and reporting information at the Application-layer, such as traffic volume of a particular application used by the host. To omit information about application type, select hosts only.
By default, the DPI engine recycles data after 30 minutes of inactivity. However, the DPI engine still retains data for any combination of host and application that passes traffic without 30 minutes of activity.
Compared to the expensive and slow DPI methods in today’s router market, Ubiquiti’s proprietary DPI tool integrates with EdgeRouter’s hardware offload feature. This means the DPI supports the most common network traffic and protocols, including IPv4, VLAN tags, PPPoE, and more.
Conveniently, EdgeOS uses an automatic signature update mechanism (daily cronjob scheduled at 06:25) to ensure that your router is using the latest DPI signatures for comprehensive traffic analysis. Routinely, Ubiquiti pushes updates to your EdgeRouter, extending the functionality of the DPI mechanism.
Please subscribe! Give a thumbs-up, comment, and share!