Athena NGFW (Next-Generation Firewall)

Athena NGFW (previously known as Network Secure) provides comprehensive protection for every network perimeter, ensuring the safety of your valuable assets, data, and users from emerging threats.

8.0.85

{{item.code}}

Product Overview

Deployment

Installation Preparations

Deployment Mode

User Manual

Home

Security Operations

IoT Security

Business Asset Security

Summary of Business Asset Risks

Configuration Case

Summary of Attack Events

Passive Vulnerability Scan

User Security

Specialized Protection

Blacklist and Whitelist

Blacklist

Whitelist

Next-Gen Security

Endpoint Protection

Security Capabilities

Monitor

Logs

Security Logs

Security Logs

Access Logs

System Logs

TOP N

Configuration Procedures

Sessions

Bandwidth Management

Statistics

Application

Application Statistics Query Case

Traffic

Case of Viewing Traffic Statistics

Report

Diagnosis

Packet Tracing

Settings

Logging Options

Log Database

Policies

Network Address Translation

IPv4 NAT

IPv6 NAT

NAT64

DNS-Mapping

Configuration Example

Access Control

Application Control

GeoLocation Blocking

Configuration Steps

Local ACL

Configuration Steps

Connection Control

Configuration Example

Network Security

Security Protection Policy

Anti DoS/DDoS

Decryption

Decrypt Data to Internal Server

6.4.1.1Configuration Steps

Bandwidth Management

Channel Configuration

Link Settings

Authentication

User Authentication

Custom Webpage

Objects

Threat Signature Database

Security Database

Custom Database

Content Identification Database

Application Signatures Database

URL Category Database

File Types

Email Attachment Filter

Schedule

Network

Interfaces

Physical Interfaces

Edit Physical Interface

DHCP

DHCP Servers

Configuration Case

Advanced Networking

Configuration Case

SSL VPN

Resources

Roles

Sangfor/IPSec VPN

SD-WAN Configuration

Sangfor VPN Configuration

Logs

System

General Settings

Configuration Steps

License Activation Method

Troubleshooting

Tools

High Availability

Virtual Systems

Overview

System Management

Example

Resource Pools

Device Management

Central Management

O&M Management

Routine Inspection

Check the Security of the Device

Shortcut Functions

Restoration of the Device Configuration and Password

Restore the Password by Rebooting with a USB Flash Drive

Restore the Factory Settings

Patch Update Guidance

Precautions

Use of Auxiliary Tools

Troubleshooting

Emergency Event Handling

Product Upgrade Guide

Offline Upgrade

Product Post-Upgrade Inspection

Acronym

SDKs, APIs

API Document

Athena NGFW (Next-Generation Firewall)

User Manual

Objects

Content Identification Database

Application Signatures Database

Custom App Signatures

{{sendMatomoQuery("Athena NGFW (Next-Generation Firewall)","Custom App Signatures")}}

Custom App Signatures

{{ $t('productDocDetail.updateTime') }}: 2026-01-06

To customize the app signature rules. You can customize apps not covered by the built-in app signature database.

The custom app signature rules can be defined by data direction, IP address, protocol, and port. You can perform operations on custom applications, such as add, delete, enable, disable, import, and export as the administrator.

Navigate to Objects > Content Identification Database > Application Signatures, click the Custom App Signatures tab.

A screenshot of a computer

Description automatically generated

Example: You must provide traffic assurance for company mail. However, when selecting the app category, you cannot select the company mail alone. In this case, you can customize a company mail app.

Step 1.On the Custom App Signatures tab, click Add. The Add App Signature dialog box appears. Set related parameters by following the steps.

Step 2.Enable the rule and set the Basic Attributes of the app, including the Rule Name, Description, Category, and App Name. You can select the existing category or customize a category.

A screenshot of a computer

Description automatically generated

Step 3.Set the features of matching packets.

A screenshot of a computer

Description automatically generated

Direction: Specify the direction of data passing through the device. The rule only applies to packets transferred in the specified direction.

Protocol: Specify the type of protocol used for sending data. In this example, the TCP is used for mail sending.

Port: Specify the destination port accessed by the data. In this example, the mail is sent through the TCP25 port.

IP Address: Specify the source IP, destination IP, or destination IP after proxy identification.

Target Domain: Specify the target domain name address that packets access. In this example, enter the domain name email address of the company, such as "mail.sangfor.com".

Step 4.Click OK to complete the settings of this rule.

Step 5.Prioritize a custom app signature rule. Because the built-in app signature database also provides a mail identification rule. If the built-in rule is prioritized, the data may first match this mail identification rule instead of the custom app signature rule ("Company Email"). Therefore, you should prioritize the custom app signature rule. To do this, select Prioritize custom app signatures on the Custom App Signatures tab.

Step 6.Choose Bandwidth Channel and set the guaranteed channel of this app, ensuring that the bandwidth required for the mail is sent from the company email address.

When setting the custom app signature rule, it is recommended to add identification information, including destination port, IP address, and domain name. If identification conditions are too broad, they may conflict with the built-in application identification rules and lead to confusion. As a result, some control and audit rules may fail.

{{ $t('index.defaultHeader.logo') }}

Athena NGFW (Next-Generation Firewall)

Custom App Signatures