Kaspersky SD-WAN supports creating firewall rules that are applied only to traffic packets of the specified application. You can specify the DPI marks that determine the traffic packets the rule is applied to. You cannot configure DPI marking if you disabled the DPI marking technology in basic firewall settings.
You can configure DPI marking in a firewall template or on a CPE device. DPI marking settings specified in the firewall template are automatically propagated to all CPE devices that use this firewall template.
To configure DPI marking:
Configure DPI marking for the firewall is applied in one of the following ways:
If you want to configure DPI marking in a firewall template, go to the SD-WAN → Firewall templates menu section, click the firewall template, and select the DPI marking tab.
If you want to configure DPI marking on a CPE device, go to the SD-WAN → CPE menu section, click the CPE device, select the Firewall → DPI marking tab, and select the Override check box.
The DPI marking settings are displayed.
Select the check boxes next to the DPI marks which you want to govern which firewall rules apply to which traffic packets.
In the upper part of the settings area, click Save to save the settings of the firewall template or CPE device.