[Contents] [Prev] [Next] [Index] [Report an Error]

Understanding Internet-Related Predefined Policy Applications

When you create a policy, you can specify predefined Internet-related applications for the policy.

Before You Begin

For background information, read Security Policy Applications.

Table 78 lists Internet-related predefined applications. Depending on your network requirements, you can choose to permit or deny any or all of these applications. Each entry lists the application name, default receiving port, and application description.

Table 78: Predefined Applications

Application Name

Port(s)

Application Description

AOL

5190-5193

America Online Internet service provider (ISP) provides Internet, chat, and instant messaging applications.

DHCP relay

67 (default)

Dynamic Host Configuration Protocol.

DHCP

68 client

67 server

Dynamic Host Configuration Protocol allocates network addresses and delivers configuration parameters from server to hosts.

DNS

53

Domain Name System translates domain names into IP addresses.

FTP

  • FTP-Get
  • FTP-Put

 

20 data

21 control

File Transfer Protocol (FTP) allows the sending and receiving of files between machines. You can choose to deny or permit ANY (GET or PUT) or to selectively permit or deny either GET or PUT. GET receives files from another machine and PUT sends files to another machine.

We recommend denying FTP applications from untrusted sources (Internet).

Gopher

70

Gopher organizes and displays Internet servers' contents as a hierarchically structured list of files.

We recommend denying Gopher access to avoid exposing your network structure.

HTTP

8080

HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW).

Denying HTTP application disables your users from viewing the Internet.

Permitting HTTP application allows your trusted hosts to view the Internet.

HTTP-EXT

Hypertext Transfer Protocol with extended non-standard ports

HTTPS

443

Hypertext Transfer Protocol with Secure Sockets Layer (SSL) is a protocol for transmitting private documents through the Internet.

Denying HTTPS disables your users from shopping on the Internet and from accessing certain online resources that require secure password exchange.

Permitting HTTPS allows your trusted hosts to participate in password exchange, shop online, and visit various protected online resources that require user login.

Internet Locator Service

Internet Locator Service includes LDAP, User Locator Service, and LDAP over TSL/SSL.

IRC

6665-6669

Internet Relay Chat (IRC) allows people connected to the Internet to join live discussions.

LDAP

389

Lightweight Directory Access Protocol is a set of protocols used to access information directories.

PC-Anywhere

PC-Anywhere is a remote control and file transfer software.

TFTP

69

Trivial File transfer Protocol (TFTP) is a protocol for simple file transfer.

WAIS

Wide Area Information Server is a program that finds documents on the Internet.
[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.