signature

Syntax

signature {client-to-server {dfa-pattern pattern;regex;}disable;min-data bytes;order;port-range {tcp <TCP-port-range>;udp <UDP-port-range>;}server-to-client {dfa-pattern pattern;regex;}}

Hierarchy Level

[edit services application-identification application application-name]

Release Information

Statement introduced in Release 10.2 of Junos OS.

Description

Configure the signature attributes for a custom application definition.

Options

client-to-server—Define the attributes for traffic in the client to server direction.

dfa-pattern—Define the dfa pattern for the application traffic in the client-to-server direction. Maximum length is 1023.

regex—Enter a regular expression that should be matched for client to server traffic.

disable—Toggle on means signature method is not used to identify this application. Default is off.

min-data—The minimum number of bytes or packets to apply to the dfa-pattern. Default is 10, range is 4 through 1024.

order—When there are multiple patterns matched for the same session, the lowest order number takes the highest priority. Must be unique. (Required)

port-range [tcp | udp]—Define the port range for the application. Default ranges: TCP/0 through 65535, UDP/0 through 65535. (Optional)

server-to-client—Define the attributes for traffic in the server to client direction.

dfa-pattern—Define the dfa pattern for the application traffic in the server to client direction. Maximum length is 1023.

regex—Enter a regular expression that should be matched for server to client traffic.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

trace—To view this statement in the configuration.

trace-control—To add this statement to the configuration.