Understanding the Junos OS Application Identification Application Package

Juniper Networks regularly updates the predefined application signature package database and makes it available to subscribers on the Juniper Networks website. This package includes signature definitions of known application objects that can be used to identify applications for tracking, firewall policies, quality of service prioritization, and Intrusion Detection and Prevention (IDP). The database contains application objects such as FTP and DNS as well as nested applications operating over an HTTP protocol, such as Facebook, Kazaa, and many instant messenger programs.

You need to download and install the application signature package before configuring application identification, application firewall policy, or AppTrack. The application signature package is included in the IDP installation directly and does not need to be downloaded separately.

• If you have IDP enabled and plan to use application identification, you can continue to run the IDP signature database download. To download the IDP signature database, run the following command: request security idp security-package download. The application package download can be performed manually or automatically.

  Note: If you have an IDP-enabled device and plan to use application identification, we recommend that you download only the IDP signature database. This will avoid having two versions of the application database, which could become out of sync.

• If you do not have IDP enabled and plan to use application identification, you can run the following commands: request services application-identification download and request services application-identification install. These commands will extract the application portion of the IDP signature database and install it as the application signature database.

  You can perform the download manually or automatically. When you download the extracted package manually, you can change the download URL.

  Note: The Junos OS application signature package update is a separately licensed subscription service. You must install the application signature package update license key on your device to download and install the signature database updates provided by Juniper Networks. If your license key expires, you can continue to use the locally stored application signature package content but you cannot update the data.

After downloading and installing the application signature package, use CLI commands to download and install database updates, to view summary and detailed application information, and to create custom application signatures and custom application signature groups.

You can copy a predefined application signature or application signature group from the application signature database and use it as a template to create a custom signature or signature group. All predefined Juniper application signatures have the prefix “junos,” so make sure you do not use “junos” for your custom signature or signature group names.

Note: Uninstalling the predefined application signature package will not remove any custom application signatures or signature groups that you have created.