From 0f1dec9456b3fb06e0ef805c982de9e1ed9e1346 Mon Sep 17 00:00:00 2001
From: liuxueli <liuxueli@geedgenetworks.com>
Date: Mon, 8 Jul 2024 05:16:00 +0000
Subject: [PATCH] Update: firewall-3.3.4.624df14

---
 ansible/install_config/group_vars/rpm_version.yml      | 2 +-
 ansible/roles/firewall/templates/main.conf.j2.j2       | 2 ++
 ansible/roles/traffic-engine/files/helm/conf/main.conf | 6 ++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ansible/install_config/group_vars/rpm_version.yml b/ansible/install_config/group_vars/rpm_version.yml
index 177dc635..effe875a 100644
--- a/ansible/install_config/group_vars/rpm_version.yml
+++ b/ansible/install_config/group_vars/rpm_version.yml
@@ -3,7 +3,7 @@ certstore_rpm_version:
 
 firewall_rpm_version:
   conn_telemetry: conn_telemetry-1.0.3.4ef6df6
-  firewall: firewall-3.3.2.c1104bf
+  firewall: firewall-3.3.4.624df14
   glimpse_detector: glimpse_detector-3.1.1.6b887d8
   qdpi_detector: qdpi_detector-5.0.0.75424a0
   dos_protector: dos_protector-2.0.1.434f8b6
diff --git a/ansible/roles/firewall/templates/main.conf.j2.j2 b/ansible/roles/firewall/templates/main.conf.j2.j2
index cba26130..92b74af3 100644
--- a/ansible/roles/firewall/templates/main.conf.j2.j2
+++ b/ansible/roles/firewall/templates/main.conf.j2.j2
@@ -54,6 +54,8 @@ DEVICE_SEQ_IN_DATA_CENTER={{ session_id_generator.snowflake_worker_id_offset }}
 GENERATE_JA3_FINGERPRINT=1
 PERIODIC_SCAN_INTERVAL_MS=120000
 
+APPSKETCH_SWITCH=1
+
 [FIREWALL]
 # hijack, replace
 DNS_RESPONSE_MODE=replace
diff --git a/ansible/roles/traffic-engine/files/helm/conf/main.conf b/ansible/roles/traffic-engine/files/helm/conf/main.conf
index 7039b38b..21d92f79 100644
--- a/ansible/roles/traffic-engine/files/helm/conf/main.conf
+++ b/ansible/roles/traffic-engine/files/helm/conf/main.conf
@@ -45,6 +45,12 @@ PERIODIC_SCAN_INTERVAL_MS=120000
 OSFP_DB_JSON_PATH=tsgconf/firewall_osfp_db.json
 L7_PROTOCOL_FILE=./tsgconf/firewall_l7_protocol.conf
 
+{{ if and (eq .Values.appsketch.context_based_detector .Values.define_enable_val_yes) (eq .Values.appsketch.enable .Values.define_enable_val_yes) }}
+APPSKETCH_SWITCH=1
+{{- else }}
+APPSKETCH_SWITCH=0
+{{- end }}
+
 [FIREWALL]
 # hijack, replace
 DNS_RESPONSE_MODE=replace