Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

dynamic-application (Security Policies)

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 18.2R1.

Description

Specify the dynamic applications or dynamic application groups used as match criteria within a security policy.

By adding dynamic applications to the match criteria, the data traffic is classified based on the Layer 7 application inspection results. Application Identification (AppID) identifies dynamic or real-time Layer 4 through Layer 7 applications. After a particular application is identified and the matching policy is found, then the actions are applied according to the policy.

Options

dynamic-application-name |dynamic-application-group-nameSpecify dynamic applications or dynamic application groups.

Examples for dynamic applications or dynamic application groups are as follows:

  • junos:FTP (dynamic application)

  • junos:web:shopping (dynamic application group)

anyConfiguring the dynamic application as any installs the policy with the application as a wildcard (default). If an application cannot be specified, configure any as the default application. Data traffic that match the parameters in a unified policy matches the policy regardless of the application type.
noneConfiguring the dynamic application as none ignores classification results from AppID and does not use the dynamic application in security policy lookups. Within the list of potential match policies, if there is any policy configured with dynamic application as none, this policy is matched as the final policy and is terminal. If any Layer 7 services are configured in this policy, deep packet inspection for the traffic is performed.

When upgrading the Junos OS release from previous releases (where dynamic applications were not supported), all existing traditional policies are considered as policies with the dynamic application configured as none.

If dynamic application is not configured within a security policy, the policy is considered to be a traditional security policy. This policy is similar to a policy with the dynamic application configured as none.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.