Example: Setting Memory and Session Limits for IDP Application Identification (CLI)

The configuration instructions in this topic describe how to configure memory and session limits for application identification.

Before you begin, make sure that you have completed following:

1. Configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices.
2. Download the signature database. See Example: Updating the IDP Signature Database Manually (CLI).

In the configuration instructions for this example, you configure the limit so that only 600 sessions can run application identification at the same time. You also configure 5000 memory bytes as the maximum amount of memory that can be used for saving packets for application identification for one TCP session.

To configure memory and session limits for application identification:

1. Specify the session limit for application identification. In the following statement you set the maximum number of sessions that can run application identification at the same time as 600:
   user@host# set security idp sensor-configuration application-identification max-sessions 600
2. Specify the memory limit for application identification. In the following statement you configure a maximum of 5000 memory bytes to save packets for application identification:
   user@host# set security idp sensor-configuration application-identification max-tcp-session-packet-memory 5000
3. If you are finished configuring the device, commit the configuration.
4. From configuration mode in the CLI, enter the show security idp command to verify the configuration. For more information, see the Junos OS CLI Reference.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding IDP Application Identification
• IDP Policies Overview
• Understanding the IDP Signature Database
• Example: Updating the IDP Signature Database Manually (CLI)
• Understanding Memory and Session Limit Settings for IDP Application Identification