1. Documentation
  3. WAN Edge
  5. How to Enable App Visibility

How to Enable App Visibility

Modified on

This article explains how to enable or disable the App Visibility features at the gateway level and site level.

Prerequisites to Enable App Visibility

1. Ensure that the SRX has the AppSecure license installed

  • This information can be obtained from the SRX front panel on the Mist UI

 

Use of Log Source IP address/Interface

For application session records to be sent to the cloud, the log source IP address/interface is used to add support for a user to choose the interface or IP address on the device that has cloud/Internet connectivity. It is an optional parameter to be used in cases where the routing instances are in use where only one network interface has cloud/internet connectivity.

 

Steps to Enable or Disable App Visibility

1. Navigate to Organization > Inventory: click on Adopt Gateways

  • Click on “Copy to clipboard“ → this will copy 8 lines of adoption commands; paste these commands on SRX gateway in configuration mode and commit

2. Once the SRX entry is populated in the inventory page, assign theSRX to a site:

  • Select the SRX device and select More > Assign to Site
    • Select a site from the drop-down list
    • Select App track license option **
  • Click on Assign to Site

 

3. If App visibility / App track license is selected as “site setting”:

Make sure the appropriate option is selected in Organization > Site Configurations > Site

Under Gateway Application Visibility:

  • Select check box if App Visibility should be enabled
  • Deselect check box if App Visibility should be disabled
  • Option to add “Log Source Interface” if the WAN/Uplink port is known to the user

 

/sites/site-id/setting API should have below options:

  • “gateway_mgmt“: {“app_usage“: True} if check box is selected
  • “gateway_mgmt“: {“app_usage“: False} if check box is not selected
GET /api/v1/sites/232527fe-4126-40bb-8c78-2c8d1dfed043/setting
HTTP 200 OK
Allow: OPTIONS, GET, PUT
Content-Type: application/json
Vary: Accept

{
   "switch_mgmt": {
      "root_password": "mist123"
   },
   <<< API OUTPUT TRIMMED >>>
   "zone": {
      "autozones_enabled": false,
      "autozones_rssi": -70
   },
   "gateway_mgmt": {
      "app_usage": true,
      "security_log_source_interface": "ge-0/0/0"
   },
   "id": "86f13595-9599-48a7-8c26-ad98a702b9e5",
   "for_site": true,
   "site_id": "232527fe-4126-40bb-8c78-2c8d1dfed043",
   "org_id": "001f3ef8-d69d-4780-b9c3-7a1f3cb123f0",
   "created_time": 1599493540,
   "modified_time": 1600069580
}

 

4. in step 2. if App track license is selected as “Device has an App Track license“ or “Device does NOT have an App Track license“, verify that same option is reflected in the Gateways tab

 

/api/v1/sites/<site-id>/devices/<device-id> should have below options:

  • “gateway_mgmt“: {“app_usage“: True} if option selected is “Device has an App Track license“
  • “gateway_mgmt“: {“app_usage“: False} if option selected is “Device does NOT have an App Track license“
  • Option to add “Log Source IP address” if the WAN IP address is known to the user

 

If the site settings option is selected, the “gateway_mgmt“ section will not be present in the device API

GET /api/v1/sites/232527fe-4126-40bb-8c78-2c8d1dfed043/devices/00000000-0000-0000-1000-94bf94bf11cb
HTTP 200 OK
Allow: PUT, GET, OPTIONS
Content-Type: application/json
Vary: Accept

{
   "adopted": true,
   "sku": "",
   "magic": "",
   "connected": false,
   "simplifiedName": "",
   "gateway_mgmt": {
      "app_usage": true
   },