Introduction
Custom application definitions enable administrators to assign meaningful, organization-specific names to traffic that uses non-standard or proprietary protocol and port combinations. Once defined, these names replace raw port numbers throughout Cloud Control Center observability views — most notably in Cloud Control Center Traffic Analytics Sankey diagrams and Service Names filters — so administrators can interpret traffic patterns and validate policies without translating port numbers in their heads.
A custom application is a logical label that maps to one or more protocol and port combinations. For example, an administrator can define an application named BillingApp that maps to TCP port 14332. Any traffic observed on TCP/14332 then displays as BillingApp in Traffic Analytics rather than as tcp/14332. Each application supports up to five protocol and port definitions, allowing a single logical application to encompass multiple ports — for instance, a primary service port, an administration port, and a metrics endpoint — under one name.
Custom application definitions are a presentation-layer feature. They do not alter how flows are collected, classified, or evaluated by the Elisity Dynamic Policy Engine. Changes to custom application definitions take effect immediately in Traffic Analytics views without requiring a sync or restart, and they apply retroactively to historical flow data.
Prerequisites
Before configuring custom application definitions, confirm the following:
- You are signed in to Cloud Control Center.
- Your account is assigned a role with the appropriate permissions on the Settings/Applications resource:
- Tenant User — view custom application definitions.
- Tenant Admin — add, edit, delete, and export custom application definitions.
- You know the protocol (TCP or UDP) and port or port range used by each application you intend to define.
For a complete overview of where Settings live in Cloud Control Center, see Elisity Cloud Control Center Settings and Controls.
Configure a Custom Application
Custom applications are managed on a dedicated configuration page that uses a parent and child table layout. Each row in the main table represents one application and can be expanded to reveal the protocol and port definitions associated with that application.
Step 1. Navigate to Settings > System > Applications.
Step 2. Click + Add Application. The Add Application dialog opens with fields for the application name, description, and its first protocol and port definition.
Step 3. Enter the following values:
| Field | Description |
|---|---|
| Name | A unique label for the application. Maximum length is 15 characters. Names must be unique across all custom application definitions in the tenant. This field is required. |
| Description | An optional text description for the application. Maximum length is 255 characters. The description appears in the Applications table and can be used to document the purpose of each application. |
| Protocol | The transport protocol used by the application. Select TCP or UDP. |
| Source Ports | A single port (for example, 14332) or a contiguous range expressed with a hyphen (for example, 20-25). The range must not overlap with a definition that belongs to a different custom application using the same protocol. |
Step 4. Click Add to save the new application. The application appears as a new row in the Applications table, with the protocol and port definition you entered shown as its first child row.
Add Additional Protocol and Port Definitions
An application can be associated with up to five protocol and port definitions. Additional definitions are added to an existing application without changing its name.
Step 1. Locate the application in the table and expand its row to view the existing protocol and port definitions.
Step 2. Click Add Definition to add a new protocol and port entry to that application.
Step 3. Select the protocol and enter the port or port range in the Source Ports field. The same validation rules apply: the port range must not overlap with any definition belonging to a different application using the same protocol.
Step 4. Click Add to save the new definition. It appears as a new child row under the parent application.
A single application may contain definitions that overlap each other — for example, an application named BillingApp may include both TCP/14332 and TCP/14330-14340. Overlap is only restricted across different applications.
Validation Rules
Cloud Control Center enforces the following constraints when adding or editing custom application definitions. Violations are blocked at save time and an inline error is displayed.
| Rule | Description |
|---|---|
| Name uniqueness | Each application name must be unique within the tenant. |
| Name length | Application names are limited to a maximum of 15 characters. |
| Protocol | Protocol must be either TCP or UDP. Other transport protocols are not supported. |
| Port range | Ports must be valid (1-65535). A range is expressed as two values separated by a hyphen, with the lower value first. |
| No cross-application overlap | A protocol and port (or port range) defined for one application cannot overlap with any port or range defined for a different application using the same protocol. The same numeric port may be reused on a different protocol — for example, TCP/8080 may belong to one application while UDP/8080 belongs to another. |
| Definitions per application | Each application supports a maximum of five protocol and port definitions. |
Important: When two custom application definitions in different applications would map to the same protocol and port, the save action is rejected. Resolve the conflict by adjusting the port range on one of the applications or by consolidating both definitions under a single application name.
Edit and Delete Custom Applications
Existing applications and their definitions can be modified or removed at any time. The same RBAC requirement applies: edit and delete actions require Tenant Admin role on the Settings/Applications resource.
Edit an Application or Definition
Step 1. Navigate to Settings > System > Applications.
Step 2. Use the edit action on the application row to change its name, or expand the row and use the edit action on an individual protocol and port definition to change its protocol or port range.
Step 3. Save the change. Validation rules are re-evaluated against all other applications and definitions in the tenant. Updated names and definitions take effect immediately in Traffic Analytics views.
Delete an Application or Definition
Deletion behavior depends on whether you are removing a parent application or one of its child definitions:
- Delete a definition (child row) — Removes that single protocol and port mapping from the application. The application itself and any remaining definitions are unaffected.
- Delete an application (parent row) — Removes the application and all of its protocol and port definitions in a single operation. A confirmation prompt is presented before the deletion is finalized.
After deletion, traffic that previously displayed under the custom application name reverts to its raw protocol and port representation in Traffic Analytics views.
Export Custom Application Definitions
The list of custom applications and their definitions can be exported to CSV for backup, review, or sharing with other teams.
Step 1. Navigate to Settings > System > Applications.
Step 2. Use the export action to download the current set of custom application definitions as a CSV file. The export preserves the parent and child relationship: each row in the CSV identifies the application name along with one protocol and port definition, so an application with three definitions produces three rows in the file.
Custom application definitions can be exported but cannot be imported through the Settings page. To recreate definitions in another tenant, add each application and its definitions individually using the steps in this article.
How Custom Applications Appear in Traffic Analytics
Once a custom application is defined, its name replaces the raw protocol and port representation in observability views across Cloud Control Center. The most visible effect is in Traffic Analytics:
- Sankey diagrams — Flow bands that would otherwise display a raw port number in the Side A Port or Side B Port column instead show the custom application name with the port in parentheses (for example, BillingApp (14332)). When the cursor hovers over a band, the tooltip shows the custom application name along with the underlying protocol and port for reference.
- Service Names filter — Custom applications appear alongside well-known services in the Service Names filter. Selecting a custom application from this filter scopes the Traffic Analytics view to flows matching any of the protocol and port definitions associated with that application.
- Traffic Records — Records returned by Traffic Analytics queries display the custom application name in the service column when the underlying protocol and port match one of the application's definitions.
- Policy Matrix traffic view — Custom application names also appear in the Policy Matrix when viewing traffic details between Policy Groups, replacing raw protocol and port values with the configured application name.
Custom application names apply retroactively to existing flow data. After a definition is added, historical Traffic Analytics queries that match the protocol and port use the new name. After a definition is deleted, the same historical queries revert to displaying the raw protocol and port.
Custom application definitions affect the display of traffic in observability views only. They are not used as match criteria in Policy definitions, Security Profiles, Policy Testing, or Traffic Exclusion Filters. For details on filtering and interpreting analytics data, see Cloud Control Center Traffic Analytics.
Operationalization
After custom applications are defined, verify the configuration is producing the intended results in Traffic Analytics:
- Navigate to Traffic Analytics.
- Select a time range that includes traffic on the protocols and ports you have defined.
- Open the Service Names filter and confirm that each configured custom application appears in the list.
- Apply the filter for one of the custom applications and confirm that the Sankey diagram and Traffic Records reflect only flows matching that application's definitions.
- Hover over a flow in the Sankey diagram to confirm that the tooltip shows the expected custom application name along with the underlying protocol and port.
If traffic that should be matching a custom application is still displayed under its raw protocol and port, confirm the following:
- The protocol and port observed in the flow exactly match a definition associated with the application. Custom application names apply only when both protocol and port match.
- No conflicting definition exists in another application that would have blocked the save. If validation rejected the original save, the definition is not stored and no replacement occurs.
- The Traffic Analytics view is scoped to a time range that includes the relevant flows.