To configure an application set, you add predefined or custom
applications individually to the set and assign the set a meaningful
name. Once you have named the application set, you
specify that name as part of the policy. For the policy to apply to
a packet, the packet must match any one of the applications included
in the set.
The configuration instructions in this topic describe how to
create an application set SrvAccessAppSet and associate it
with the IDP policy ABC. The application set SrvAccessAppSet combines three applications. Instead of specifying three applications
in the policy rule, you specify one application set. If all of the
other criteria match, any one of the applications in the application
set serves as a valid match criterion.
You can use either J-Web or the CLI configuration editor to
configure an application set.
To create an application set and associate it with an IDP policy:
1. Create an application set and specify the applications to be included in the set. The following statements create the SrvAccessAppSet application set, which includes a set of three applications:
user@host# set applications application-set SrvAccessAppSet application ssh
user@host# set applications application-set SrvAccessAppSet application telnet
user@host# set applications application-set SrvAccessAppSet application custApp
2. Associate the application set with an IDP policy. The following statement associates the application set SrvAccessAppSet with IDP policy ABC:
user@host# set security idp idp-policy ABC rulebase-ips rule ABC match application SrvAccessAppSet
3. Specify an action for the policy. The following statement permits traffic from applications specified in the application set:
user@host# set security idp idp-policy ABC rulebase-ips rule ABC then action no-action
4. If you are finished configuring the router, commit the configuration.
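As an added example (not part of the JUNOS documentation), the following Python script parses the set statements used in this procedure and expands each IDP rule's application set into its member applications, so you can review what a rule matches before you commit. It recognises only the statement forms shown in this topic, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample built from this topic's statements (first line keeps a pasted prompt).
SAMPLE_CONFIG = """\
user@host# set applications application-set SrvAccessAppSet application ssh
set applications application-set SrvAccessAppSet application telnet
set applications application-set SrvAccessAppSet application custApp
set security idp idp-policy ABC rulebase-ips rule ABC match application SrvAccessAppSet
set security idp idp-policy ABC rulebase-ips rule ABC then action no-action
"""
# Assumption: only the statement forms shown in this topic are recognised.
RULE = r"set security idp idp-policy (\S+) rulebase-ips rule (\S+) "
SET_MEMBER = re.compile(r"set applications application-set (\S+) application (\S+)$")
RULE_MATCH = re.compile(RULE + r"match application (\S+)$")
RULE_ACTION = re.compile(RULE + r"then action (\S+)$")


def resolve_idp_rules(config_text):
    """Return ({(policy, rule): details}, {set name: [applications]})."""
    app_sets = defaultdict(list)
    rules = defaultdict(lambda: {"match": None, "applications": [], "action": None})
    for raw in config_text.splitlines():
        # Collapse whitespace and drop a leading prompt such as 'user@host# '.
        line = re.sub(r"^\S+[#>] ", "", " ".join(raw.split()))
        if m := SET_MEMBER.match(line):
            if m[2] not in app_sets[m[1]]:
                app_sets[m[1]].append(m[2])
        elif m := RULE_MATCH.match(line):
            rules[(m[1], m[2])]["match"] = m[3]
        elif m := RULE_ACTION.match(line):
            rules[(m[1], m[2])]["action"] = m[3]
    for rule in rules.values():
        name = rule["match"]
        # Assumption: a name that is not a defined set is a single application.
        if name is not None:
            rule["applications"] = list(app_sets[name]) if name in app_sets else [name]
    return dict(rules), dict(app_sets)


def rule_accepts(rule, application):
    """Any single member of the set satisfies the application criterion."""
    return application in rule["applications"]


def unreferenced_sets(config_text):
    """Application sets that are defined but named by no IDP rule."""
    rules, app_sets = resolve_idp_rules(config_text)
    used = {r["match"] for r in rules.values()}
    return sorted(set(app_sets) - used)
```
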
For more information, see the JUNOS Software CLI Reference.