Application Firewall Configuration Page Options
- Select Configure>Security>Policy>Define AppFW Policy in the J-Web user interface if you are using SRX5400, SRX5600, or
Select Configure>Security>AppSecure>App Firewall in the J-Web user interface.
The Application Firewall configuration page displays existing application rule sets for the device. Select a rule set to display its rules in the bottom pane. The content of this display is described in Table 190.
- Click one:
Add or +—Adds a new rule set configuration. Enter the information specified in Table 191. To add a rule configuration, click Add from the lower pane or from the Add Rule Set page, and enter the information specified in Table 192.
Delete or X—Deletes the selected rule set or the selected rule configuration.
- Click one:
OK—Saves the configuration and returns to the main configuration page.
Commit Options>Commit—Commits the configuration and returns to the main configuration page.
Cancel—Cancels your entries and returns to the main configuration page.
Table 190: Application Firewall Configuration Page
Specifies the name of an existing application rule set configured for the device.
Select a rule set to display its associated rules in the lower pane.
Specifies the name of each rule associated with the rule set. If this field contains more than two rule names, hover over the field to display the names of all the rules in a tool tip.
Rules in Selected Rule-Set
Displays the name of each rule contained in the selected rule set. This pane is blank until a rule set is selected in the upper pane.
Match Dynamic Applications
Specifies one or more application signatures to be used as match criteria for the rule.
Specifies the action to be taken if traffic matches one of the specified applications.
Table 191: Add or Edit Rule Set Configuration Details
Rule Set Name
Specifies the rule set name
Enter a rule set name.
When editing a rule set, the name cannot be changed.
When rules are defined for the new rule set, the Rules pane displays each rule name, its associated dynamic applications, and its action.
Click Add to create a rule for this rule set. See Table 192 for rule configuration details.
Table 192: Add or Edit Rule Configuration Details
Specifies the name of the rule.
Enter a rule name.
When editing a selected rule, the name cannot be changed.
Specifies the action to be taken when traffic matches one of the dynamic application signatures associated with this rule.
Select permit or deny.
Note: All rules belonging to a rule set must have the same Action setting.
When editing a rule, changing the Action setting will change the setting in all rules in this rule set.
Match Dynamic Application
Displays the applications available on your device.
To add applications to the match criteria:
Displays the applications selected as match criteria for the rule.
To delete applications from the match criteria:
Redisplays the Applications list with the specified application at the top.
Enter an application name.