
    Example: Configuring IDP Applications and Services

    This example shows how to create an application and associate it with an IDP policy.

    Requirements

    Before you begin:

    Overview

    To create a custom application, give it a meaningful name and associate parameters with it, for example an inactivity timeout or an application protocol type. In this example, you create a special FTP application called cust-app running on port 78, specify it as a match condition in the IDP policy ABC, and set the inactivity timeout value to 6000 seconds.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
    set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app
    set security idp idp-policy ABC rulebase-ips rule ABC then action no-action
    set security idp active-policy ABC

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To create an application and associate it with an IDP policy:

    1. Create an application and specify its properties.
      [edit applications application cust-app]
      user@host# set application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
    2. Specify the application as a match condition in a policy.
      [edit security idp idp-policy ABC rulebase-ips rule ABC]
      user@host# set match application cust-app
    3. Specify the no action condition.
      [edit security idp idp-policy ABC rulebase-ips rule ABC]
      user@host# set then action no-action
    4. Activate the policy.
      [edit]
      user@host# set security idp active-policy ABC
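
    A cross-check to run on the set commands before pasting them, added here as an illustration (Python, not Juniper code and not part of the original page): it confirms that each rule's match application is defined under applications and that active-policy names a defined idp-policy, and it flags lines where several set statements were run together. The function name lint, the sample text, and the treatment of default, any and junos- names as predefined are assumptions.

```python
import re

# Constructed input: the four set commands from this example, one per line.
GOOD = """\
set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app
set security idp idp-policy ABC rulebase-ips rule ABC then action no-action
set security idp active-policy ABC
"""

STMT = re.compile(r"set (?:applications|security) ")
APP_DEF = re.compile(r"^set applications application (\S+) ")
RULE_APP = re.compile(r"^set security idp idp-policy (\S+) rulebase-ips rule (\S+) match application (\S+)$")
POLICY = re.compile(r"^set security idp idp-policy (\S+) ")
ACTIVE = re.compile(r"^set security idp active-policy (\S+)$")
# Assumption: 'default', 'any' and junos-* names are predefined and need no definition here.
BUILTIN = ("default", "any")

def lint(text):
    """Return a list of findings; an empty list means the references line up."""
    apps, policies, refs, active, findings = set(), set(), [], None, []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if len(STMT.findall(line)) > 1:  # statements fused by a bad paste
            findings.append(f"line {n}: more than one set statement on a line")
            continue
        if m := APP_DEF.match(line):
            apps.add(m.group(1))
        if m := POLICY.match(line):
            policies.add(m.group(1))
        if m := RULE_APP.match(line):
            refs.append((n, m.group(1), m.group(2), m.group(3)))
        if m := ACTIVE.match(line):
            active = m.group(1)
    for n, pol, rule, app in refs:
        if app not in apps and app not in BUILTIN and not app.startswith("junos-"):
            findings.append(f"line {n}: policy {pol} rule {rule} matches undefined application {app}")
    if active is None:
        findings.append("no active-policy statement")
    elif active not in policies:
        findings.append(f"active-policy {active} is not a defined idp-policy")
    return findings

if __name__ == "__main__":
    for finding in lint(GOOD) or ["ok"]:
        print(finding)
```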

    Results

    From configuration mode, confirm your configuration by entering the show security idp and show applications commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security idp
    idp-policy ABC {
        rulebase-ips {
            rule R1 {
                match {
                    application cust-app;
                }
            }
        }
    }
    active-policy ABC;

    [edit]
    user@host# show applications
    application cust-app {
        application-protocol ftp;
        protocol tcp;
        destination-port 78;
        inactivity-timeout 6000;
    }

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    To confirm that the configuration is working properly, perform this task:

    Verifying the Configuration

    Purpose

    Verify that the application was associated with the IDP policy.

    Action

    From operational mode, enter the show security idp status command.

    Published: 2012-06-29