Understanding Junos OS Application Identification Application Package

Juniper Networks regularly updates the predefined application identification application package database that is part of the IDP signature database and makes it available on the Juniper Networks website. This package includes a list of known application objects that can be used in Intrusion Detection and Prevention (IDP) and AppTrack to match traffic. You need to download the application package before configuring application identification or AppTrack.

The application package contains application objects such as ftp and DNS as well as nested applications such as Facebook, Kazaa, and many instant messenger programs. The application database is visible in the configuration, and custom application definitions can be created. For information on custom definitions, see Understanding Junos OS Application Identification Custom Application Definitions. If you do not have IDP enabled and will use application identification with AVT, you will run the following command: request services application-identification download. This command will extract and install the application portion of the IDP signature database to your configuration. If you have IDP enabled and will use application identification, you will continue to run the IDP signature database download. To download the IDP signature database run the following command: request security idp security-package download. The application package download can be performed manually or automatically.

Note: If you have an IDP-enabled device and will use application identification, we recommend that you only download the IDP signature database. This will avoid having two versions of the application database, which may become out of sync. For information on the IDP signature database download that contains its own application database, see Understanding the IDP Signature Database.

Note: The Junos OS application identification application signature package update is a separately licensed subscription service. You must install the application identification application signature update license key on your device to download and install the signature database updates provided by Juniper Networks. When your license key expires, you can continue to use the locally stored application package contents. For license details, see the Junos OS Administration Guide for Security Devices

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding Junos OS Application Identification Services
• Updating Junos OS Application Identification Extracted Application Package Overview
• Example: Updating Junos OS Application Identification Extracted Application Package Manually (CLI)
• Example: Updating Junos OS Application Identification Extracted Application Package Automatically (CLI)