    Understanding IDP Application Identification

    Juniper Networks provides predefined application signatures that detect Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) applications running on nonstandard ports. Identifying these applications allows Intrusion Detection and Prevention (IDP) to apply appropriate attack objects to applications running on nonstandard ports. It also improves performance by narrowing the scope of attack signatures for applications without decoders.

    The IDP sensor monitors the network and detects suspicious and anomalous network traffic based on specific rules defined in IDP rulebases. It applies attack objects to traffic based on protocols or applications. Application signatures enable the sensor to identify known and unknown applications running on nonstandard ports and to apply the correct attack objects.

    Application signatures are available as part of the security package provided by Juniper Networks. You download predefined application signatures along with the security package updates. You cannot create application signatures. For information on downloading the security package, see Updating the IDP Signature Database Manually Overview.

    The application signatures identify an application by matching patterns in the first packet of a session. The IDP sensor matches patterns for both client-to-server and server-to-client sessions.

    Application identification is enabled by default only if the service requesting the application identification (such as IDP, AppFW, AppTrack, or AppQoS) is enabled to invoke the application identification. If none of these policies or configurations exist, application identification is not automatically triggered. However, when you specify an application in the policy rule, IDP uses the specified application rather than the application identification result. For instructions on specifying applications in policy rules, see Example: Configuring IDP Applications and Services.
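The following Python sketch is an added illustration, not Juniper code. It models first-packet matching in both directions on nonstandard ports, with an application named in the policy rule taking precedence over the identification result. The patterns, attack-object names, sample payloads, and the behavior for unidentified sessions are all constructed assumptions.

```python
import re

# Constructed first-packet patterns per application and direction.
# Illustrative stand-ins only, not Juniper's predefined application signatures.
SIGNATURES = {
    "HTTP": {"c2s": re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n"),
             "s2c": re.compile(rb"^HTTP/1\.[01] \d{3} ")},
    "SSH":  {"c2s": re.compile(rb"^SSH-\d\.\d+-"),
             "s2c": re.compile(rb"^SSH-\d\.\d+-")},
    "SMTP": {"c2s": re.compile(rb"^(EHLO|HELO) "),
             "s2c": re.compile(rb"^220[ -].*SMTP")},
}

# Hypothetical attack-object groups; the names are placeholders.
ATTACK_OBJECTS = {
    "HTTP": ["HTTP:EXAMPLE-OBJECT-A", "HTTP:EXAMPLE-OBJECT-B"],
    "SSH":  ["SSH:EXAMPLE-OBJECT-A"],
    "SMTP": ["SMTP:EXAMPLE-OBJECT-A"],
}

def identify(first_c2s, first_s2c):
    """Return the application whose pattern matches the first packet seen
    in either direction of the session, or None if nothing matches."""
    for app, sig in SIGNATURES.items():
        if sig["c2s"].search(first_c2s) or sig["s2c"].search(first_s2c):
            return app
    return None

def attack_scope(first_c2s, first_s2c, policy_app=None):
    """Return (application, attack objects to apply). An application named
    in the policy rule is used instead of the identification result."""
    app = policy_app or identify(first_c2s, first_s2c)
    if app is None:
        # Assumption for this sketch: without an identified application
        # the scope cannot be narrowed, so every object stays in play.
        return None, sorted(o for objs in ATTACK_OBJECTS.values() for o in objs)
    return app, ATTACK_OBJECTS[app]

# Constructed sessions: (destination port, first c2s payload, first s2c payload).
SESSIONS = [
    (8081, b"GET /index.html HTTP/1.1\r\nHost: a\r\n\r\n", b""),
    (2222, b"", b"SSH-2.0-OpenSSH_8.9\r\n"),   # server speaks first
    (2525, b"", b"220 mail.example.test ESMTP\r\n"),
    (9000, b"\x00\x01\x02", b"\xff"),           # matches no pattern
]

if __name__ == "__main__":
    for port, c2s, s2c in SESSIONS:
        app, objs = attack_scope(c2s, s2c)
        print(f"port {port}: app={app} objects={len(objs)}")
```

The SSH and SMTP sessions are recognized only from the server-to-client payload, which is why the sketch checks both directions.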

    Note: Application identification is enabled by default. To disable application identification with the CLI, see Disabling Junos OS Application Identification (CLI Procedure).

    Published: 2012-06-29