nested-application

Syntax

nested-application name {
    index;
    protocol;
    signature name {
        chain-order;
        maximum-transactions;
        member name {
            context [http-header-content-type | http-header-host | http-url-parsed | http-url-parsed-param-parsed];
            direction [any | client-to-server | server-to-client];
            pattern dfa-pattern;
        }
        order value;
    }
    type name;
}

Hierarchy Level

[edit services application-identification]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure a custom nested application definition for the desired application name that will be used by the system to identify the nested application as it passes through the device. Custom nested application definitions can be used for nested applications that are not part of the Juniper Networks predefined nested application database.

Options

index: A number that is a one-to-one mapping to the application name that is used to ensure that each signature definition is unique. The index range for predefined applications is 1 through 32767. The index range for custom applications and custom nested applications is 32768 through 65534. (Required)

protocol: The protocol that will be monitored to identify nested applications. HTTP is supported.

signature name: Name of the custom nested application signature definition. Must be a unique name with a maximum length of 32 characters. (Required)

chain-order: Signatures can contain multiple members. If chain-order is on, those members are read in order. The default for this option is no chain order. If a signature only contains one member, this option is ignored.

maximum-transactions: The maximum number of transactions that should occur before a match is made.

member name: Defines a member name for a custom nested application signature definition. Custom definitions can contain multiple members that define attributes for an application.

context: Define a service-specific context, such as http-url.

direction: The connection direction of the packets to apply pattern matching. The options are client-to-server, server-to-client, or any.

pattern dfa-pattern: Define the DFA pattern to match in the context.

order: When there are multiple patterns matched for the same session, the lowest order number takes the highest priority. Must be unique. (Required)

type: Well-known application name for this application definition, such as Facebook and Kazaa. Must be a unique name with a maximum length of 32 characters. (Required)
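
The limits in the Options list can be checked before a definition is committed. The following lint is an added example, not Juniper code: the dict layout, the sample names and patterns, and the choice to check uniqueness across every definition passed in are assumptions.

```python
# Added example: pre-commit lint for custom nested-application definitions.
# The dict layout is an assumption for illustration, not a Junos format.
CONTEXTS = {"http-header-content-type", "http-header-host",
            "http-url-parsed", "http-url-parsed-param-parsed"}
DIRECTIONS = {"any", "client-to-server", "server-to-client"}
CUSTOM_INDEX = range(32768, 65535)  # custom range: 32768 through 65534

def lint(apps):
    """Return a list of problem strings for a list of definition dicts."""
    problems = []
    seen = {"index": {}, "type": {}, "signature": {}, "order": {}}

    def unique(kind, value, owner):  # assumed scope: all definitions passed in
        if value in seen[kind]:
            problems.append(f"{owner}: {kind} {value!r} already used by {seen[kind][value]}")
        seen[kind].setdefault(value, owner)

    def named(kind, value, owner):  # required, unique, 32 characters maximum
        if isinstance(value, str) and 1 <= len(value) <= 32:
            unique(kind, value, owner)
        else:
            problems.append(f"{owner}: {kind} name is required, 32 characters maximum")

    for app in apps:
        owner = app.get("name", "<unnamed>")
        if app.get("index") in CUSTOM_INDEX:
            unique("index", app["index"], owner)
        else:
            problems.append(f"{owner}: index must be 32768 through 65534")
        named("type", app.get("type"), owner)
        if str(app.get("protocol", "http")).lower() != "http":
            problems.append(f"{owner}: protocol must be HTTP")
        for sig in app.get("signatures") or [{}]:
            named("signature", sig.get("name"), owner)
            if sig.get("order") is None:
                problems.append(f"{owner}: signature order is required")
            else:
                unique("order", sig["order"], owner)
            for m in sig.get("members", []):
                if m.get("context", "http-header-host") not in CONTEXTS:
                    problems.append(f"{owner}: context {m['context']!r} not in Syntax list")
                if m.get("direction", "any") not in DIRECTIONS:
                    problems.append(f"{owner}: direction {m['direction']!r} not in Syntax list")
    return problems

# Constructed sample definitions: GOOD is clean, BAD breaks six rules.
GOOD = {"name": "corp-portal", "index": 32768, "protocol": "http", "type": "corp-portal",
        "signatures": [{"name": "portal-sig", "order": 40000, "members": [
            {"context": "http-header-host", "direction": "client-to-server", "pattern": ".*portal.*"}]}]}
BAD = {"name": "corp-wiki", "index": 1200, "type": "corp-portal",
       "signatures": [{"name": "portal-sig", "order": 40000, "members": [
           {"context": "http-header-hosts", "direction": "both", "pattern": ".*wiki.*"}]}]}
```

Calling lint([GOOD, BAD]) reports the index taken from the predefined range, the reused type, signature name and order, and the two values that are not in the Syntax list.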

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.