Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

context (Application Identification)

 

Syntax

Hierarchy Level

[edit services application-identification application application-name over protocol-type signature name member name ]

Release Information

Statement introduced in Junos OS Release 15.1X49-D40.

Description

Specify context for matching application running over TCP, UDP, or Layer 7.

Application identification supports custom application signatures to detect applications as they pass through the device. You can create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7. While configuring custom application signatures, you must specify context values that the device can use to match patterns in the application traffic.

Options

http-get-url-parsed-param-parsedThe decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters (if any).
http-header-content-type The content-type header in an HTTP transaction.
http-header-cookieThe cookie header in an HTTP transaction.
http-header-host The host header in an HTTP transaction.
http-header-user-agentThe user-agent header in an HTTP transaction.
http-post-url-parsed-param-parsed The decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters (if any).
http-post-variable-parsedThe decoded POST URL or form data variables.
http-url-parsedThe decoded, normalized URL in an HTTP request.
http-url-parsed-param-parsedThe decoded, normalized URL in an HTTP request along with the decoded CGI parameters (if any).
ssl-server-name Server name in the TLS server name extension or the SSL server certificate. This is also known as Server Name Indication (SNI).
stream TCP or UDP stream data.

Starting from Junos OS release 15.1X49-D60 and Junos OS Release 17.3R1, when configuring custom application signatures, the context-direction combinations as mentioned in Table 1 is supported. Any other combination other than this is not supported.

Table 1: Supported Context-Direction Combination for Custom Application Signatures

Context

Direction

http-get-url-parsed-param-parsed

client-to-server

http-header-host

client-to-server

http-header-user-agent

client-to-server

http-post-url-parsed-param-parsed

client-to-server

http-post-variable-parsed

client-to-server

http-url-parsed

client-to-server

http-url-parsed-param-parsed

client-to-server

ssl-server-name

client-to-server

stream

any/client-to-server/server-to-client

http-header-content-type

any/client-to-server/server-to-client

http-header-cookie

any/client-to-server/server-to-client

Note

If you are planning to upgrade the device to Junos OS release 15.1X49-D60 from the previous versions of the Junos OS, you must change the configuration to the valid combination of context-direction as mentioned in Table 1 to avoid any commit failure and possible disabling of the secondary node.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.