Configuring the Application and Application Set (NSM Procedure)

You can define application protocols for the stateful firewall and Network Address Translation (NAT) services to use in match condition rules. An application protocol, or application layer gateway (ALG), defines application parameters using information from network Layer 3 and above. You can configure properties of an application and whether to include it in an application set using the application option. You can configure one or more applications to include in an application set using the application set option.

To configure an application set in NSM:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device to select it.
  3. Click the Configuration tab. In the configuration tree, expand Applications.
  4. Add or modify settings as specified in Table 24.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Note: Applications and application sets are configurable only if the device is in in-device policy mode.

Table 24: Applications Configuration Details

Task: Configure properties of an application and whether to include it in an application set.

Your Action:

  1. Click Application next to Applications.
  2. Click Add new entry next to Application.
  3. In the Name box, enter the identifier of the application.
  4. In the Comment box, enter the comment.
  5. From the Application Protocol list, select the name of the protocol.
  6. From the Protocol list, select the networking protocol type.
  7. From the Source Port list, select the identifier for the port.
  8. From the Destination Port list, select the identifier for the port.
  9. From the Snmp Command list, select the SNMP command format.
  10. From the Icmp Type list, select the ICMP packet type value.
  11. From the Icmp Code list, select the Internet Control Message Protocol (ICMP) code value.
  12. From the Ttl Threshold list, select the TTL threshold value.
  13. In the Rpc Program number box, enter the remote procedure call (RPC) or Distributed Computing Environment (DCE) value.

    Range: 100,000 through 400,000

  14. In the Uuid box, enter the universally unique identifier (UUID) for DCE RPC objects.
  15. From the Inactivity Timeout list, select the length of time the application is inactive before it times out.
  16. Select the Learn Sip Register check box to activate SIP register to accept potential incoming SIP calls.
  17. From the Sip Call Hold Timeout list, select the length of time the application holds a SIP call open before it times out.

    Default: 7200 seconds

    Range: 0 through 36,000 seconds (10 hours)

  18. Select one of the following:
    • do-not-translate-AAAA-query-to-A-query—To control the translation of AAAA query to A query.
    • do-not-translate-A-query-to-AAAA—To control the translation of A query to AAAA query.

Task: Configure application sets.

Your Action:

  1. Click Application Set next to Applications.
  2. Click Add new entry next to Application Set.
  3. Expand application-set.
  4. In the Name box, enter the identifier of an application set.
  5. In the Comment box, enter the comment.
  6. Click Application next to application-set.
  7. Click Add new entry next to Application.
  8. From the Name list, select the identifier of the application.
  9. In the Comment box, enter the comment.
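
The following is an added example, not part of the original procedure or of NSM: a Python check that can be run over planned application and application set entries before they are typed into the dialogs above. It enforces the ranges stated in Table 24 and verifies that every application set member names a defined application. The dictionary keys, the sample entries, and the assumption that the Uuid box takes the standard hyphenated hex form are illustrative.

```python
import uuid

RPC_PROGRAM_RANGE = (100_000, 400_000)   # Table 24: Rpc Program number range
SIP_CALL_HOLD_RANGE = (0, 36_000)        # Table 24: Sip Call Hold Timeout range, seconds

def check_application(app):
    """Return problems for one planned application entry (dict keys are hypothetical)."""
    name, problems = app.get("name", ""), []
    if not name:
        problems.append("application entry has no name")
    rpc = app.get("rpc_program_number")
    if rpc is not None and not RPC_PROGRAM_RANGE[0] <= rpc <= RPC_PROGRAM_RANGE[1]:
        problems.append(f"{name}: RPC program number {rpc} is outside 100,000-400,000")
    hold = app.get("sip_call_hold_timeout", 7200)  # 7200 s is the default given in Table 24
    if not SIP_CALL_HOLD_RANGE[0] <= hold <= SIP_CALL_HOLD_RANGE[1]:
        problems.append(f"{name}: SIP call hold timeout {hold}s is outside 0-36,000")
    if "uuid" in app:
        try:  # assumption: the Uuid box takes the standard 8-4-4-4-12 hex form
            uuid.UUID(str(app["uuid"]))
        except ValueError:
            problems.append(f"{name}: UUID {app['uuid']!r} is malformed")
    return problems

def check_config(applications, application_sets):
    """Check every application, then that each set only names defined applications."""
    problems, defined = [], set()
    for app in applications:
        problems += check_application(app)
        defined.add(app.get("name"))
    for app_set in application_sets:
        for member in app_set["applications"]:
            if member not in defined:
                problems.append(f"{app_set['name']}: member {member!r} is not a defined application")
    return problems

# Constructed sample input, not taken from any real device.
SAMPLE_APPS = [
    {"name": "sun-rpc-nfs", "protocol": "udp", "rpc_program_number": 100003},
    {"name": "bad-rpc", "protocol": "tcp", "rpc_program_number": 99},
    {"name": "sip-long-hold", "protocol": "udp", "sip_call_hold_timeout": 86400},
    {"name": "dce-obj", "protocol": "tcp", "uuid": "1234"},
]
SAMPLE_SETS = [
    {"name": "rpc-services", "applications": ["sun-rpc-nfs", "bad-rpc"]},
    {"name": "voice", "applications": ["sip-long-hold", "sip-default"]},
]

if __name__ == "__main__":
    print("\n".join(check_config(SAMPLE_APPS, SAMPLE_SETS)))
```

An application set that references an undefined application is reported separately from out-of-range field values, so a dangling member in a firewall or NAT match condition is caught before the entry is saved.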