Example: Configuring IDP Applications and Services (CLI)

To create a custom application, specify a meaningful name for the application and associate parameters with it, such as an inactivity timeout or an application protocol type.

Before you begin:

  1. Configure network interfaces. See the Junos OS Interfaces Configuration Guide for Security Devices.
  2. Enable Intrusion Detection and Prevention (IDP) application services in a security policy. See Example: Enabling IDP in a Security Policy.

The configuration instructions in this topic describe how to create an application named cust-app and specify it as a match condition in the IDP policy ABC. In this example, you create a special FTP application running on port 78 and set the inactivity timeout value to 6000 seconds.

To create an application and associate it with an IDP policy:

  1. Specify a unique name for the application. The following statement specifies cust-app as the name of the application:
    user@host# set applications application cust-app
  2. Specify application properties. The following statement specifies an FTP application that uses the TCP protocol on port 78. The inactivity timeout for the FTP service is set to 6000 seconds.
    user@host# set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
  3. Specify the application as a match condition in a policy. The following statement adds the cust-app application to the ABC policy:
    user@host# set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app
  4. If you are finished configuring the device, commit the configuration.
  5. For more information, see the Junos OS CLI Reference.
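
An added example (not from the Junos OS documentation): an offline check in Python that reads set-style configuration lines, resolves the application named in each IDP rule to its definition, and flags names that have no definition. The rule R2, its misspelled application cust-ap, and the treatment of default, any, and junos- names as built in are assumptions made for the example.

```python
# Constructed sample: the three statements from this topic plus one
# hypothetical rule (R2) that references an application never defined.
SAMPLE = """\
set applications application cust-app
set applications application cust-app application-protocol ftp protocol tcp destination-port 78 inactivity-timeout 6000
set security idp idp-policy ABC rulebase-ips rule ABC match application cust-app
set security idp idp-policy ABC rulebase-ips rule R2 match application cust-ap
"""

# Assumption: these names need no local definition (match keywords and
# predefined applications, which use the junos- prefix).
BUILTIN = ("default", "any")


def parse(config_text):
    """Return (apps, refs) from set-style configuration lines."""
    apps, refs = {}, []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] == ["set", "applications", "application"] and len(tok) >= 4:
            # Remaining tokens are keyword/value pairs, e.g. destination-port 78.
            rest = tok[4:]
            apps.setdefault(tok[3], {}).update(zip(rest[0::2], rest[1::2]))
        elif (tok[:4] == ["set", "security", "idp", "idp-policy"]
              and len(tok) == 11
              and tok[5:7] == ["rulebase-ips", "rule"]
              and tok[8:10] == ["match", "application"]):
            refs.append((tok[4], tok[7], tok[10]))  # policy, rule, application
    return apps, refs


def audit(config_text):
    """Resolve each IDP rule's application and flag undefined names."""
    apps, refs = parse(config_text)
    findings = []
    for policy, rule, app in refs:
        status = ("builtin" if app in BUILTIN or app.startswith("junos-")
                  else "defined" if app in apps else "undefined")
        findings.append({"policy": policy, "rule": rule, "application": app,
                         "status": status, "properties": apps.get(app, {})})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```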
