    Creating Application Signatures

    Application identification supports custom application signatures to detect applications as they pass through the device. When you configure custom signatures, make sure that your signatures are unique. Use the Create Application Signature page to create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7.

    Before you begin creating the custom application signatures:

    • Make sure you have downloaded the application signature database package.

    • The SRX Series device must be running Junos OS Release 15.1X49-D40 or later.

    To create the custom application signatures:

    1. Select Configure > Application Firewall Policy > Signatures.

      The Application Signatures Page appears.

    2. From the Create list, select Signature.

      The Create Application Signature page appears.

    3. Complete the configuration by using the guidelines in Table 1.
    4. Click OK to complete the configuration or Cancel to discard the configuration.

    Table 1: Fields on the Create Application Signature Page

    Field

    Description

    Name

    Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

    Description

    Enter a description for the custom application signature; maximum length is 255 characters.

    Order

    Specify the order for the custom application. Lower order has higher priority.

    This option is used when multiple custom applications of the same type match the same traffic. You cannot use it to prioritize among different types of applications, such as TCP stream-based applications against TCP port-based applications, or IP address-based applications against port-based applications.

    Priority

    Select, from the list, the priority of this signature relative to other signature applications.

    ICMP Mapping

    ICMP Type

    Specify the Internet Control Message Protocol (ICMP) value for an application to match. The ICMP mapping technique maps standard ICMP message types and optional codes to a unique application name. This mapping technique lets you differentiate between various types of ICMP messages.

    Select the numerical value of an ICMP type. The type field identifies the ICMP message.

    ICMP Code

    Select the numerical value of an ICMP code. The code field provides further information about the associated type field.

    IP Protocol Mapping

    IP Protocol

    Select the IP protocol value for an application to match. Standard IP protocol numbers can map an application to IP traffic. To ensure adequate security, as with address mapping, use IP protocol mapping only in your private network for trusted servers.

    Address Mapping

    Add Address Mapping

    Use the Add Address Mapping page to create an address mapping that defines an application by the IP address and the port range of the traffic.

    Name

    Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters.

    IP Address

    Enter an IPv4 or IPv6 address of the application for address mapping.

    CIDR

    Enter an IPv4 or IPv6 address prefix for classless addressing.

    TCP Port Range

    Enter the TCP port range for the application. Example: 1-200.

    UDP Port Range

    Enter the UDP port range for the application. Example: 1-200.

    L7 Signature

    Cacheable

    Set this option to TRUE to enable caching of application identification results. With this option enabled, the application detection result is cached in an ASC table. If the ASC table already has an entry for the destination IP address, protocol, and port, the AppID is taken from that entry without sending the packet to the engine again.
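    The following is an added example, not code from the Juniper page or from Junos OS: a small simulation of the caching behaviour the Cacheable option describes. The cache key is the (destination IP address, protocol, port) triple the page names; the "engine" is a stand-in pattern matcher rather than the real AppID engine, the flows are constructed for the example, and the choice to cache only identified results is this example's own assumption. It shows why a cache keyed on that triple answers subsequent flows to the same destination and port from the table, whatever their payload, and how many engine invocations are saved.

```python
"""Added example (not from the Juniper page): simulate an ASC-style cache
keyed on (destination IP, protocol, port) in front of an L7 engine stand-in."""
from dataclasses import dataclass, field


@dataclass
class Flow:
    dst_ip: str
    protocol: str      # "tcp" or "udp"
    dst_port: int
    payload: bytes     # first client payload of the flow (constructed)


@dataclass
class AppIdCache:
    cacheable: bool                                # the Cacheable option
    table: dict = field(default_factory=dict)      # stand-in for the ASC table
    engine_calls: int = 0                          # how often the engine ran

    def classify(self, flow):
        """Return (application name, source) where source is 'asc-hit' or 'engine'."""
        key = (flow.dst_ip, flow.protocol, flow.dst_port)
        if self.cacheable and key in self.table:
            return self.table[key], "asc-hit"
        app = self._engine(flow)
        # Assumption of this example: only identified results are cached.
        if self.cacheable and app != "unknown":
            self.table[key] = app
        return app, "engine"

    def _engine(self, flow):
        """Stand-in for the L7 signature engine: one http-header-host match."""
        self.engine_calls += 1
        if b"Host: intranet.example.internal" in flow.payload:
            return "corp-intranet-app"   # hypothetical custom application name
        return "unknown"


# Constructed sample flows: same destination and port, different Host headers.
FLOW_INTRANET = Flow("10.0.0.5", "tcp", 80,
                     b"GET / HTTP/1.1\r\nHost: intranet.example.internal\r\n\r\n")
FLOW_OTHER = Flow("10.0.0.5", "tcp", 80,
                  b"GET /x HTTP/1.1\r\nHost: other.example\r\n\r\n")


def run_scenario(cacheable):
    """Classify both flows and report the results and engine invocation count."""
    cache = AppIdCache(cacheable=cacheable)
    first = cache.classify(FLOW_INTRANET)
    second = cache.classify(FLOW_OTHER)
    return first, second, cache.engine_calls


if __name__ == "__main__":
    for flag in (True, False):
        print(f"cacheable={flag}:", run_scenario(flag))
```

    With caching on, the second flow is labelled from the table because it shares the destination, protocol, and port of the first; with caching off, both flows go to the engine and the second is classified on its own payload.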

    Add L7 Signature

    Select a protocol over which L7 signatures are added. The available options are:

    • Over HTTP

    • Over SSL

    • Over TCP

    • Over UDP

    Over Protocol

    Shows the type of protocol that you have selected to add the L7 signature.

    Signature Name

    Enter the name of the custom application signature; maximum length is 63 characters.

    Port Range

    Enter the port range for the selected protocol. Range is 1-65535.

    Add Members

    Click the + sign to add members for a custom application signature. You can add a maximum of 15 members.

    Member Name

    Member name for a custom application signature. Custom signatures can contain multiple members that define attributes for an application. (The supported member name range is m01 through m15.)

    Context

    Select the context for matching the application running over TCP, UDP, or Layer 7.

    The available options are:

    • http-get-url-parsed-param-parsed—The decoded and normalized GET URL in an HTTP request along with the decoded CGI parameters (if any).

    • http-header-content-type—The content-type header in an HTTP transaction.

    • http-header-cookie—The cookie header in an HTTP transaction.

    • http-header-host—The host header in an HTTP transaction.

    • http-header-user-agent—The user-agent header in an HTTP transaction.

    • http-post-url-parsed-param-parsed—The decoded and normalized POST URL in an HTTP request along with the decoded CGI parameters (if any).

    • http-post-variable-parsed—The decoded POST URL or form data variables.

    • http-url-parsed—The decoded and normalized URL in an HTTP request.

    • http-url-parsed-param-parsed—The decoded and normalized URL in an HTTP request along with the decoded CGI parameters (if any).

    • ssl-server-name—Server name in the TLS server name extension or the SSL server certificate. This is also known as Server Name Indication (SNI).

    • stream—TCP or UDP stream data.

    Direction

    Select, from the list, the connection direction of the packets in which the pattern is matched. Combinations other than those listed in Table 2 are not supported.

    Table 2: Supported Context-Direction Combination

    Context                             Direction
    http-get-url-parsed-param-parsed    client-to-server
    http-header-host                    client-to-server
    http-header-user-agent              client-to-server
    http-post-url-parsed-param-parsed   client-to-server
    http-post-variable-parsed           client-to-server
    http-url-parsed                     client-to-server
    http-url-parsed-param-parsed        client-to-server
    http-header-content-type            any/client-to-server/server-to-client
    http-header-cookie                  any/client-to-server/server-to-client
    ssl-server-name                     client-to-server
    stream                              any/client-to-server/server-to-client

    Pattern

    (Optional) Enter the Deterministic Finite Automaton (DFA) pattern matched on the context. The DFA pattern specifies the pattern to be matched for the signature. Maximum length is 128 characters.
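    The following is an added example, not code from the Juniper page or from Junos OS: a pre-flight linter that encodes the constraints stated in Table 1 (name characters and length, description length, member names m01 through m15, at most 15 members, port ranges within 1-65535, pattern length) and the context-direction combinations of Table 2, so that a batch of planned signatures can be checked before anything is typed into the Create Application Signature page. The dictionary layout, key names, and the sample signatures are this example's own assumptions, not a Junos or J-Web format.

```python
"""Added example (not from the Juniper page): lint custom application
signature definitions against the limits in Table 1 and Table 2."""
import re

NAME_RE = re.compile(r"^[A-Za-z0-9:._-]{1,63}$")        # Table 1: Name field
PORT_RANGE_RE = re.compile(r"^(\d{1,5})-(\d{1,5})$")     # e.g. "1-200"
MEMBER_RE = re.compile(r"^m(0[1-9]|1[0-5])$")            # m01 .. m15
OVER_PROTOCOLS = {"HTTP", "SSL", "TCP", "UDP"}           # Add L7 Signature options

# Table 2: directions supported for each context.
ANY = frozenset({"any", "client-to-server", "server-to-client"})
C2S = frozenset({"client-to-server"})
CONTEXT_DIRECTIONS = {
    "http-get-url-parsed-param-parsed": C2S,
    "http-header-host": C2S,
    "http-header-user-agent": C2S,
    "http-post-url-parsed-param-parsed": C2S,
    "http-post-variable-parsed": C2S,
    "http-url-parsed": C2S,
    "http-url-parsed-param-parsed": C2S,
    "http-header-content-type": ANY,
    "http-header-cookie": ANY,
    "ssl-server-name": C2S,
    "stream": ANY,
}


def check_port_range(value, where, errors):
    """Accept 'low-high' with 1 <= low <= high <= 65535, else record an error."""
    m = PORT_RANGE_RE.match(value)
    if not m:
        errors.append(f"{where}: expected 'low-high', got {value!r}")
        return
    low, high = int(m.group(1)), int(m.group(2))
    if not 1 <= low <= high <= 65535:
        errors.append(f"{where}: {value!r} is outside 1-65535 or reversed")


def validate_signature(sig):
    """Return a list of problems for one signature dict; an empty list means OK."""
    errors = []
    if not NAME_RE.match(sig.get("name", "")):
        errors.append("name: 1-63 chars of [A-Za-z0-9:._-], no spaces")
    if len(sig.get("description", "")) > 255:
        errors.append("description: longer than 255 characters")
    for l7 in sig.get("l7", []):
        where = f"l7[{l7.get('signature_name', '?')}]"
        if l7.get("over") not in OVER_PROTOCOLS:
            errors.append(f"{where}: 'over' must be one of {sorted(OVER_PROTOCOLS)}")
        if not 1 <= len(l7.get("signature_name", "")) <= 63:
            errors.append(f"{where}: signature_name must be 1-63 characters")
        check_port_range(l7.get("port_range", ""), f"{where}.port_range", errors)
        members = l7.get("members", [])
        if not 1 <= len(members) <= 15:
            errors.append(f"{where}: 1-15 members required, got {len(members)}")
        seen = set()
        for mem in members:
            mname = mem.get("name", "")
            if not MEMBER_RE.match(mname):
                errors.append(f"{where}: member name {mname!r} not in m01-m15")
            if mname in seen:
                errors.append(f"{where}: duplicate member {mname!r}")
            seen.add(mname)
            ctx, direction = mem.get("context"), mem.get("direction")
            allowed = CONTEXT_DIRECTIONS.get(ctx)
            if allowed is None:
                errors.append(f"{where}.{mname}: unknown context {ctx!r}")
            elif direction not in allowed:
                errors.append(f"{where}.{mname}: direction {direction!r} "
                              f"not supported for {ctx} (Table 2)")
            if len(mem.get("pattern", "")) > 128:
                errors.append(f"{where}.{mname}: pattern longer than 128 characters")
    return errors


def validate_all(signatures):
    """Validate a batch; also flag names that are not unique within the batch."""
    names = [s.get("name") for s in signatures]
    report = []
    for sig in signatures:
        errs = validate_signature(sig)
        if names.count(sig.get("name")) > 1:
            errs.append("name: not unique across the batch")
        report.append((sig.get("name"), errs))
    return report


# Constructed samples: one well-formed signature and one with several mistakes.
GOOD = {
    "name": "corp-intranet-app",
    "description": "Internal portal identified by its Host header",
    "l7": [{"over": "HTTP", "signature_name": "intranet-host", "port_range": "80-80",
            "members": [{"name": "m01", "context": "http-header-host",
                         "direction": "client-to-server",
                         "pattern": r"intranet\.example\.internal"}]}],
}
BAD = {
    "name": "bad name",                       # space is not allowed
    "l7": [{"over": "TCP", "signature_name": "x", "port_range": "70000-1",
            "members": [{"name": "m16", "context": "http-header-host",
                         "direction": "server-to-client", "pattern": "a"}]}],
}

if __name__ == "__main__":
    for name, errs in validate_all([GOOD, BAD]):
        print(name, "OK" if not errs else errs)
```

    The BAD sample trips four distinct rules (name characters, port range, member name outside m01-m15, and a direction Table 2 does not allow for http-header-host), which is the kind of mistake the GUI would otherwise reject one field at a time.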

    Modified: 2017-06-05