Configuring an Application Protocol

[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring an Application Protocol
The application-protocol statement allows you to specify which of the supported application protocols (ALGs) to configure and include in an application set for service processing. To configure application protocols, include the application-protocol statement at the [edit applications application application-name] hierarchy level:
application-protocol protocol-name;
Table 7 shows the list of supported protocols. For more information about specific protocols, see ALG Descriptions.

Table 7: Application Protocols Supported by Services Interfaces

Protocol Name

CLI Value

Comments

Bootstrap protocol (BOOTP)

bootp

Supports BOOTP and dynamic host configuration protocol (DHCP).

Distributed Computing Environment (DCE) remote procedure call (RPC)

dce-rpc

Requires the protocol statement to have the value udp or tcp. Requires a uuid value. You cannot specify destination-port or source-port values.

DCE RPC portmap

dce-rpc-portmap

Requires the protocol statement to have the value udp or tcp. Requires a destination-port value.

Domain Name System (DNS)

dns

Requires the protocol statement to have the value udp. This application protocol closes the DNS flow as soon as the DNS response is received.

Exec

exec

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

FTP

ftp

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

H.323

h323

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

Internet Control Message Protocol (ICMP)

icmp

Requires the protocol statement to have the value icmp or to be unspecified.

Internet Inter-ORB Protocol (IIOP) Transmission Control Protocol (TCP)

iiop

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

Internet Protocol (IP)

ip

-

Login

login

-

NetBIOS

netbios

Requires the protocol statement to have the value udp or to be unspecified. Requires a destination-port value.

NetShow

netshow

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

RealAudio

realaudio

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

Real-Time Streaming Protocol (RTSP)

rtsp

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

Remote Procedure Call (RPC) User Datagram Protocol (UDP) or TCP

rpc

Requires the protocol statement to have the value udp or tcp. Requires a rpc-program-number value. You cannot specify destination-port or source-port values.

RPC port mapping

rpc-portmap

Requires the protocol statement to have the value udp or tcp. Requires a destination-port value.

Session Initiation Protocol (SIP)

sip

For more information, see Configuring SIP.

Shell

shell

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

Simple Network Management Protocol (SNMP)

snmp

Requires the protocol statement to have the value udp or to be unspecified. Requires a destination-port value.

SQLNet

sqlnet

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port or source-port value.

Trace route

traceroute

Requires the protocol statement to have the value udp or to be unspecified. Requires a destination-port value.

Trivial FTP (TFTP)

tftp

Requires the protocol statement to have the value udp or to be unspecified. Requires a destination-port value.

WinFrame

winframe

Requires the protocol statement to have the value tcp or to be unspecified. Requires a destination-port value.

NOTE: In the current release, you cannot configure application-level gateways (ALGs) under stateful firewall rules or CoS rules when twice NAT is configured in the same service set. Do not include the application-protocol statement with the application statement for twice NAT configurations. When you configure one or more stateful firewall rules with an ALG in the same service set as a twice NAT configuration, the router ignores the ALG configuration. NAT applies only the IP address and TCP or UDP headers, but not the payload.
For more information about configuring twice NAT, see Network Address Translation Services Configuration Guidelines.

Protocol Name	CLI Value	Comments
Bootstrap protocol (BOOTP)	`bootp`	Supports BOOTP and dynamic host configuration protocol (DHCP).
Distributed Computing Environment (DCE) remote procedure call (RPC)	`dce-rpc`	Requires the `protocol` statement to have the value `udp` or `tcp`. Requires a `uuid` value. You cannot specify `destination-port` or `source-port` values.
DCE RPC portmap	`dce-rpc-portmap`	Requires the `protocol` statement to have the value `udp` or `tcp`. Requires a `destination-port` value.
Domain Name System (DNS)	`dns`	Requires the `protocol` statement to have the value `udp`. This application protocol closes the DNS flow as soon as the DNS response is received.
Exec	`exec`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
FTP	`ftp`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
H.323	`h323`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
Internet Control Message Protocol (ICMP)	`icmp`	Requires the `protocol` statement to have the value `icmp` or to be unspecified.
Internet Inter-ORB Protocol (IIOP) Transmission Control Protocol (TCP)	`iiop`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
Internet Protocol (IP)	ip	-
Login	login	-
NetBIOS	`netbios`	Requires the `protocol` statement to have the value `udp` or to be unspecified. Requires a `destination-port` value.
NetShow	`netshow`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
RealAudio	`realaudio`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
Real-Time Streaming Protocol (RTSP)	`rtsp`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
Remote Procedure Call (RPC) User Datagram Protocol (UDP) or TCP	`rpc`	Requires the `protocol` statement to have the value `udp` or `tcp`. Requires a `rpc-program-number` value. You cannot specify `destination-port` or `source-port` values.
RPC port mapping	`rpc-portmap`	Requires the `protocol` statement to have the value `udp` or `tcp`. Requires a `destination-port` value.
Session Initiation Protocol (SIP)	sip	For more information, see Configuring SIP.
Shell	`shell`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.
Simple Network Management Protocol (SNMP)	`snmp`	Requires the `protocol` statement to have the value `udp` or to be unspecified. Requires a `destination-port` value.
SQLNet	`sqlnet`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` or `source-port` value.
Trace route	`traceroute`	Requires the `protocol` statement to have the value `udp` or to be unspecified. Requires a `destination-port` value.
Trivial FTP (TFTP)	`tftp`	Requires the `protocol` statement to have the value `udp` or to be unspecified. Requires a `destination-port` value.
WinFrame	`winframe`	Requires the `protocol` statement to have the value `tcp` or to be unspecified. Requires a `destination-port` value.

[Contents] [Prev] [Next] [Index] [Report an Error]