
Understanding Application Firewall Policies

Many dynamic applications use HTTP static ports to tunnel non-HTTP traffic through the network. Such applications can permit traffic that might not be adequately controlled by standard network firewall policies, leading to a security threat. Standard policies function based on IP addresses and ports, and therefore are not effective with these dynamic applications. To avoid these security issues, an additional security control for policies was introduced that functions based on the application ID.

The security policies provide firewall security functionality by enforcing rules on the traffic that passes through the device: traffic is permitted or denied based on the action defined in the rules. The application firewall port in the policies provides additional security control for dynamic applications.

An application firewall provides the following features:

The application firewall policy is defined by a collection of rule sets. A rule set defines the rules that match the application ID detected, based on the application signature. After you create an application firewall policy by adding rules, you can select that policy to be the active policy on your device.

The application firewall policy identifies the application ID as an unknown application ID under the following circumstances:

When the application ID is identified as unknown, the traffic is processed based on the action defined in the unknown rule in the rule set. When there is no rule defined for unknown in the rule set, the default rule is applied for unknown dynamic applications.
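The following added example is a simplified Python model of the behavior described above. It is not Juniper code or configuration. The rule ordering, the port-based stand-in policy, and the application name EXAMPLE-TUNNEL are assumptions made for illustration. It shows three flows that a port-based policy cannot tell apart, and how an unknown application ID is handled with and without an unknown rule.

```python
from dataclasses import dataclass

PERMIT, DENY = "permit", "deny"
UNKNOWN = "unknown"

@dataclass
class RuleSet:
    """Simplified model of an application firewall rule set (assumed semantics)."""
    rules: list           # ordered (set of application IDs, action) pairs
    default_action: str   # default rule, used when no rule matches

    def evaluate(self, app_id):
        """Return (action, reason); an undetected application ID is treated as unknown."""
        app_id = app_id or UNKNOWN
        for apps, action in self.rules:
            if app_id in apps:
                return action, f"rule matching {app_id}"
        return self.default_action, "default rule"

def port_policy(dst_port, allowed_ports=frozenset({80})):
    """Stand-in for a standard policy: decides on destination port only."""
    return PERMIT if dst_port in allowed_ports else DENY

def decide(flow, rule_set):
    """Apply the port-based policy first, then the application firewall rule set."""
    if port_policy(flow["dst_port"]) == DENY:
        return DENY, "port policy"
    return rule_set.evaluate(flow["app_id"])

# Constructed sample flows: same port, different detected applications.
FLOWS = [
    {"name": "web", "dst_port": 80, "app_id": "HTTP"},
    {"name": "tunnel", "dst_port": 80, "app_id": "EXAMPLE-TUNNEL"},
    {"name": "opaque", "dst_port": 80, "app_id": None},  # signature not matched
]

BASE_RULES = [({"HTTP"}, PERMIT), ({"EXAMPLE-TUNNEL"}, DENY)]
WITH_UNKNOWN_RULE = RuleSet(BASE_RULES + [({UNKNOWN}, DENY)], default_action=PERMIT)
WITHOUT_UNKNOWN_RULE = RuleSet(BASE_RULES, default_action=PERMIT)

if __name__ == "__main__":
    for label, rs in [("with unknown rule", WITH_UNKNOWN_RULE),
                      ("without unknown rule", WITHOUT_UNKNOWN_RULE)]:
        for flow in FLOWS:
            action, reason = decide(flow, rs)
            print(f"{label:22} {flow['name']:7} -> {action:6} ({reason})")
```

In this model, a rule set with a permissive default rule and no unknown rule lets the unidentified flow through, so the default action deserves the same review as the explicit rules.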
