Creating Application Signatures
Application identification supports custom application signatures to detect applications as they pass through the device. When you configure custom signatures, make sure that your signatures are unique. Use the Create Application Signature page to create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7.
Before you begin creating the custom application signatures:
Make sure you have downloaded the application signature database package.
The SRX Series device must be running Junos OS Release 15.1X49-D40 or later.
To create the custom application signatures:
- Select Configure > Application Firewall
Policy > Signatures.
The Application Signatures Page appears.
- From the Create list, select Signature.
The Create Application Signature page appears.
- Complete the configuration by using the guidelines in Table 1.
- Click OK to complete the configuration or Cancel to discard the configuration.
Table 1: Fields on the Create Application Signature Page
Field | Description | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. | ||||||||||||||||||||||||
Description | Enter a description for the custom application signature; maximum length is 255 characters. | ||||||||||||||||||||||||
Order | Specify the order for the custom application. Lower order has higher priority. This option is used when multiple custom applications of the same type match the same traffic. However, you cannot use this option to prioritize among different type of applications such as TCP stream-based applications against TCP port-based applications or IP address-based applications against port-based applications. | ||||||||||||||||||||||||
Priority | Select the priority from the list over other signature applications. | ||||||||||||||||||||||||
ICMP Mapping | |||||||||||||||||||||||||
ICMP Type | Specify the Internet Control Message Protocol (ICMP) value for an application to match. The ICMP mapping technique maps standard ICMP message types and optional codes to a unique application name. This mapping technique lets you differentiate between various types of ICMP messages. Select the numerical value of an ICMP type. The type field identifies the ICMP message. | ||||||||||||||||||||||||
ICMP Code | Select the numerical value of an ICMP code. The code field provides further information about the associated type field. | ||||||||||||||||||||||||
IP Protocol Mapping | |||||||||||||||||||||||||
IP Protocol | Select the IP protocol value for an application to match. Standard IP protocol numbers can map an application to IP traffic. To ensure an adequate security similar to address mapping, use IP protocol mapping only in your private network for trusted servers. | ||||||||||||||||||||||||
Address Mapping | |||||||||||||||||||||||||
Add Address Mapping | Use the Add Address Mapping page to create an address mapping that defines an application by the IP address and the port range of the traffic. | ||||||||||||||||||||||||
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed; maximum length is 63 characters. | ||||||||||||||||||||||||
IP Address | Enter an IPv4 or IPv6 address of the application for address mapping. | ||||||||||||||||||||||||
CIDR | Enter an IPv4 or IPV6 address prefixes for a classless addressing. | ||||||||||||||||||||||||
TCP Port Range | Enter the TCP port range for the application. Example: 1-200. | ||||||||||||||||||||||||
UDP Port Range | Enter the UDP port range for the application. Example: 1-200. | ||||||||||||||||||||||||
L7 Signature | |||||||||||||||||||||||||
Cacheable | Set this option to TRUE to enable caching of application identification results. By enabling this option, you can cache the application detection result in an ASC table. If there is an entry in the ASC table, based on the destination IP address, protocol, and the port, you can identify AppID without sending the packet again to engine. | ||||||||||||||||||||||||
Add L7 Signature | Select a protocol over which L7 signatures are added. The available options are:
| ||||||||||||||||||||||||
Over Protocol | Shows the type of protocol that you have selected to add the L7 signature. | ||||||||||||||||||||||||
Signature Name | Enter the name of the custom application signature; maximum length is 63 characters. | ||||||||||||||||||||||||
Port Range | Enter the port range for the selected protocol. Range is 1-65535. | ||||||||||||||||||||||||
Add Members | Click the + sign to add members for a custom application signature. You can add maximum of 15 members. | ||||||||||||||||||||||||
Member Name | Member name for a custom application signature. Custom signatures can contain multiple members that define attributes for an application. (The supported member name range is m01 through m15.) | ||||||||||||||||||||||||
Context | Select the context for matching the application running over TCP, UDP, or Layer 7. The available options are:
| ||||||||||||||||||||||||
Direction | Select the connection direction of the packets to match pattern from the list. Combinations other than those mentioned in Table 2 is not supported. Table 2: Supported Context-Direction Combination
| ||||||||||||||||||||||||
Pattern | (Optional) Enter the Deterministic Finite Automaton (DFA) pattern matched on the context. The DFA pattern specifies the pattern to be matched for the signature. Maximum length is 128 characters. | ||||||||||||||||||||||||