Examples: Configuring Application Protocols
The following example shows an application protocol definition describing a special FTP application running on port 78:
[edit applications]
application my-ftp-app {
    application-protocol ftp;
    protocol tcp;
    destination-port 78;
    timeout 100; # inactivity timeout for FTP service
}
The following example shows a special ICMP protocol (application-protocol icmp) of type 8 (ICMP echo):
[edit applications]
application icmp-app {
    application-protocol icmp;
    protocol icmp;
    icmp-type icmp-echo;
}
The following example shows a possible application set:
[edit applications]
application-set basic {
    http;
    ftp;
    telnet;
    nfs;
    icmp;
}
The software includes a predefined set of well-known application protocols. The set includes applications for which the TCP and UDP destination ports are already recognized by stateless firewall filters.
The following example shows a complete configuration for SIP and its related statements:
[edit]
applications {
    application sip {
        application-protocol sip;
        protocol udp;
        destination-port 5060;
        inactivity-timeout 300;
        learn-sip-register;
    }
}
interfaces {
    sp-0/2/0 {
        services-options {
            syslog {
                host local {
                    services any;
                }
            }
        }
        unit 0 {
            family inet;
        }
    }
    ge-1/0/0 {
        description amazon_eth2;
        unit 0 {
            family inet {
                service {
                    input {
                        service-set test_sip;
                    }
                    output {
                        service-set test_sip;
                    }
                }
                address 10.200.1.1/30;
            }
        }
    }
    ge-1/1/0 {
        description maxtor_eth1;
        unit 0 {
            family inet {
                address 10.100.1.1/30;
            }
        }
    }
}
services {
    stateful-firewall {
        rule sip {
            match-direction input-output;
            term 0 {
                from {
                    applications sip;
                }
                then {
                    accept;
                }
            }
        }
    }
    ids {
        rule ids {
            match-direction input-output;
            term 0 {
                then {
                    force-entry;
                    logging {
                        threshold 1;
                        syslog;
                    }
                }
            }
        }
    }
    service-set test_sip {
        syslog {
            host local {
                services any;
            }
        }
        stateful-firewall-rules sip;
        ids-rules ids;
        interface-service {
            service-interface sp-0/2/0;
        }
    }
}
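The SIP configuration above only works if every name it references is defined somewhere: the firewall term names an application, and the service set names a stateful firewall rule and an IDS rule. The following Python script is an added example, not part of the original documentation or of any vendor tooling; it parses configuration text in the format shown above and reports references that nothing defines. The function names are hypothetical, and treating names that begin with `junos-` as predefined applications is an assumption.

```python
import re

# Constructed input: the SIP example trimmed, with the "ids" rule left out on purpose.
SAMPLE = """
applications { application sip { application-protocol sip; protocol udp; } }
services {
    stateful-firewall { rule sip { match-direction input-output;
        term 0 { from { applications sip; } then { accept; } } } }
    service-set test_sip { stateful-firewall-rules sip; ids-rules ids; }
}
"""

def parse(text):
    """Parse curly-brace configuration text into nested dicts keyed by statement."""
    stack, words = [{}], []
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text)):
        if tok in ("{", ";"):               # end of a statement
            key, words = " ".join(words), []
            if tok == "{":                  # container: descend into it
                stack.append(stack[-1].setdefault(key, {}))
            else:                           # leaf statement
                stack[-1][key] = None
        elif tok == "}":
            if len(stack) == 1 or words:
                raise ValueError("unbalanced '}' or unterminated statement")
            stack.pop()
        else:
            words.append(tok)
    if len(stack) != 1 or words:
        raise ValueError("unclosed block or unterminated statement")
    return stack[0]

def names(block, keyword):
    """Names that follow `keyword` among the statements of one block."""
    return {w for k in block if k.split()[:1] == [keyword]
            for w in k.split()[1:] if w not in ("[", "]")}

def undefined_references(cfg):
    """Sorted (kind, name) pairs that are referenced but never defined."""
    svc = cfg.get("services", {})
    apps = names(cfg.get("applications", {}), "application")
    used = {a for r in svc.get("stateful-firewall", {}).values() for t in (r or {}).values()
            for a in names((t or {}).get("from") or {}, "applications")}
    # Assumption: names starting with "junos-" are predefined, so they are skipped.
    missing = {("application", a) for a in used - apps if not a.startswith("junos-")}
    for sset in (v or {} for k, v in svc.items() if k.startswith("service-set ")):
        for kind in ("stateful-firewall", "ids"):   # "<kind>-rules X" needs "<kind> rule X"
            defined = names(svc.get(kind, {}), "rule")
            missing |= {(kind + " rule", n) for n in names(sset, kind + "-rules") - defined}
    return sorted(missing)
```

Calling `undefined_references(parse(SAMPLE))` reports the missing IDS rule; the complete SIP configuration above, which defines rule `ids`, produces an empty list.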