
Configuring Applications or Services for IDP

Applications or services represent Application Layer protocols that define how data is structured as it travels across the network. Because the services you support on your network are the same services that attackers must use to attack your network, you can specify which services are supported by the destination IP to make your rules more efficient. Juniper Networks provides predefined applications and application sets that are based on industry-standard applications. If you need to add applications that are not included in the predefined applications, you can create custom applications or modify predefined applications to suit your needs. To create custom applications, specify a meaningful name for an application and associate parameters with it—for example, inactivity timeout, or application protocol type.

Before You Begin

  1. For background information, read:
  2. Establish basic connectivity. (See the Getting Started Guide for your device.)
  3. Configure network interfaces. See the JUNOS Software Interfaces and Routing Configuration Guide.
  4. Enable IDP in security policies. See Enabling IDP in a Security Policy.

The configuration instructions in this topic describe how to create an application named cust-app and specify it as a match condition in the IDP policy ABC. In this example, you create a special FTP application running on port 78. You also specify the inactivity timeout value as 6000 seconds.

You can use either J-Web or the CLI configuration editor to configure an application.
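The CLI form of the example described above, as an added sketch that is not taken from the original topic. The rule name R1 and the `no-action` action are assumptions chosen for illustration. The application name, policy name, port, and timeout are the values this topic gives.

```junos
# Added example. Enter in configuration mode ([edit]) on the device.
# Custom application: FTP carried over TCP on destination port 78,
# with a 6000-second inactivity timeout (values from this topic).
set applications application cust-app application-protocol ftp
set applications application cust-app protocol tcp
set applications application cust-app destination-port 78
set applications application cust-app inactivity-timeout 6000

# Use cust-app as the application match condition in IDP policy ABC.
# Rule name R1 is hypothetical; the no-action action is an assumption.
set security idp idp-policy ABC rulebase-ips rule R1 match application cust-app
set security idp idp-policy ABC rulebase-ips rule R1 then action no-action

# Review the candidate configuration and validate it before committing.
show applications application cust-app
show security idp idp-policy ABC
commit check
```

Because the rule matches on cust-app, it applies only to traffic that fits that application definition (TCP, destination port 78), so confirm the port and protocol in the `show` output before you commit.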

This topic contains:

