Configuring Applications or Services for IDP

Applications or services represent Application Layer protocols that define how data is structured as it travels across the network. Because the services you support on your network are the same services that attackers must use to attack it, you can specify which services the destination IP supports to make your rules more efficient. Juniper Networks provides predefined applications and application sets that are based on industry-standard applications. If you need applications that are not included in the predefined set, you can create custom applications or modify predefined applications to suit your needs. To create a custom application, specify a meaningful name for it and associate parameters with it, for example an inactivity timeout or an application protocol type.

Before You Begin

  1. For background information, read:
  2. Establish basic connectivity. (See the Getting Started Guide for your device.)
  3. Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
  4. Enable IDP in security policies. See Enabling IDP in a Security Policy.

The configuration instructions in this topic describe how to create an application named cust-app and specify it as a match condition in the IDP policy ABC. In this example you create a custom FTP application running on port 78 and set its inactivity timeout to 6000 seconds.

You can use either J-Web or the CLI configuration editor to configure an application.

CLI Configuration

To create an application and associate it with an IDP policy:

  1. Specify a unique name for the application. The following statement specifies cust-app as the name of the application:
    user@host# set applications application cust-app
  2. Specify the application properties. The following statement defines an FTP application that uses the TCP protocol on destination port 78, with the inactivity timeout for the FTP service set to 6000 seconds:
    user@host# set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
  3. Specify the application as a match condition in a policy. The following statement adds the cust-app application to the ABC policy:
    user@host# set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app
  4. If you are finished configuring the router, commit the configuration.
  5. For more information, see the JUNOS Software CLI Reference.
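The statements from steps 2 and 3, entered together in configuration mode and then verified with show before committing, look like the following. This is an added example, not output from the original page; the show output is what these exact statements produce, assuming the applications and security idp hierarchies held nothing else beforehand.

```junos
[edit]
user@host# set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
user@host# set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app

[edit]
user@host# show applications application cust-app
application-protocol ftp;
protocol tcp;
destination-port 78;
inactivity-timeout 6000;

[edit]
user@host# show security idp idp-policy ABC
rulebase-ips {
    rule ABC {
        match {
            application cust-app;
        }
    }
}
```

Giving show the full path of a node displays only that node's contents, which is a quick way to confirm the custom application and the rule match before you commit. The application-protocol ftp setting is what lets the device treat traffic on port 78 as FTP rather than as unidentified TCP, so IDP inspection of that service is applied even though it runs on a non-standard port; without it, a service moved off its well-known port is easy to leave uninspected.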
