
Creating Application Firewall Policies

Use the Application Firewall Policies page to configure an application firewall policy and to specify the rule set to be applied to it.

An application firewall:

Before You Begin

Procedure

To configure an application firewall policy, you must create a policy and then add rules to it. To create an application firewall policy:

  1. Select Configure > Application Firewall Policy > Policies.
  2. Click the + icon.
  3. Complete the configuration according to the guidelines provided in Table 164.
  4. Click OK.

Procedure

To add rules to the application firewall policy:

  1. Click Add Rules for the policy you created.
  2. Click +.
  3. Complete the configuration according to the guidelines provided in Table 165.
  4. Click OK.

A new application firewall policy with your configurations is created. You can add rules to this policy to provide additional security.

Table 164: Application Firewall Policies Settings

| Settings | Guidelines |
|---|---|
| Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters. |
| Description | Enter a description for the policy; maximum length is 1024 characters. |

Table 165: Add Rule Settings

| Settings | Guidelines |
|---|---|
| Rule Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters. |
| Application Signatures | Select an option to add or delete an application signature.<br>Select one or more available application signatures to add to the rules. |
| Encryption | Select an option to specify different actions for encrypted and unencrypted SSL traffic:<br>• Any—Matches both encrypted and unencrypted SSL traffic.<br>• Yes—Matches encrypted SSL traffic only.<br>• No—Matches unencrypted SSL traffic only. |
| Action | Select an option for any traffic that matches the application firewall rule set:<br>• Permit—Allows the traffic at the firewall.<br>• Deny—Blocks traffic, closes the session, and logs the event from an application firewall. By default, no message is returned to the client. But you can choose to send a message.<br>• Reject—Drops traffic with a message to the client, closes the session, and logs the event from an application firewall. |
| Notify user on blocking (Deny or Reject) | Select whether or not to notify clients when drop or reject actions are logged from an application firewall:<br>• Yes—Displays a default message or customized message, or redirects the clients for denied HTTP or HTTPS traffic. All other traffic is dropped silently.<br>• No—No message is sent to the client. |
| Default Action—Default Action for other applications (not matching any rule) | Select an option for any traffic that does not match any defined application firewall rule:<br>• Permit—Allows the traffic at the firewall.<br>• Deny—Blocks the traffic and the device drops the packet. By default, no message is returned to the client but you can choose to send a message.<br>• Reject—Drops the traffic. By default the device drops the packet and returns a TCP reset (RST) message to the source host and to the server in some cases. For UDP or other protocol traffic, an ICMP unreachable message is returned to both client and server. |
| Block Message—Block Message Type | Select an option to provide a text explanation to the client, redirect the client to an informative webpage, or do nothing after a reject or deny action from an application firewall:<br>• Not Configured—No message is returned to the client.<br>• Custom Message—Enter text to display with splash screen to inform the client that the traffic has been blocked.<br>• Redirect URL—Enter URL to redirect the client to a custom webpage instead of the default splash screen. For example: https://www.juniper.net/. |
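
The field limits and option values in Tables 164 and 165 can be checked on a drafted policy before it is entered in the UI. The following is an added example, not Juniper code: the dict layout, `check_policy`, the ASCII-only reading of "alphanumeric" and the http(s)-only redirect check are assumptions, and the sample values are constructed.

```python
import re
from urllib.parse import urlparse

# Limits and option names from Tables 164 and 165; ASCII-only names are an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,63}")
ENCRYPTION = {"Any", "Yes", "No"}
ACTIONS = {"Permit", "Deny", "Reject"}
BLOCK_TYPES = {"Not Configured", "Custom Message", "Redirect URL"}

def check_policy(policy):
    """Return the problems found in a policy dict (hypothetical layout, not a product format)."""
    problems = []

    def check_name(kind, value):
        if not isinstance(value, str) or not NAME_RE.fullmatch(value):
            problems.append(f"{kind} {value!r}: use letters, digits, ':', '.', '-', '_' (1-63 chars, no spaces)")

    check_name("policy name", policy.get("name"))
    if len(policy.get("description", "")) > 1024:
        problems.append("description is longer than 1024 characters")
    for rule in policy.get("rules", []):
        name = rule.get("name")
        check_name("rule name", name)
        if not rule.get("signatures"):
            problems.append(f"rule {name!r}: select at least one application signature")
        if rule.get("encryption") not in ENCRYPTION:
            problems.append(f"rule {name!r}: Encryption must be Any, Yes or No")
        if rule.get("action") not in ACTIONS:
            problems.append(f"rule {name!r}: Action must be Permit, Deny or Reject")
    if policy.get("default_action") not in ACTIONS:
        problems.append("Default Action must be Permit, Deny or Reject")
    block_type = policy.get("block_message_type", "Not Configured")
    text = policy.get("block_message", "")
    if block_type not in BLOCK_TYPES:
        problems.append(f"unknown Block Message Type {block_type!r}")
    elif block_type == "Custom Message" and not text.strip():
        problems.append("Custom Message selected but no text entered")
    elif block_type == "Redirect URL":
        url = urlparse(text)  # assumption: only absolute http(s) URLs are useful here
        if url.scheme not in ("http", "https") or not url.netloc:
            problems.append(f"Redirect URL {text!r} is not an absolute http(s) URL")
    return problems

# Constructed sample: a name with a space, an unknown action, a scheme-less redirect.
SAMPLE = {"name": "block social", "description": "Lab policy", "default_action": "Permit",
          "block_message_type": "Redirect URL", "block_message": "www.example.com/blocked",
          "rules": [{"name": "r1", "signatures": ["EXAMPLE-APP"], "encryption": "Any", "action": "Drop"}]}
if __name__ == "__main__":
    print("\n".join(check_policy(SAMPLE)))
```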
