Example: Configuring Junos OS Application Identification Custom Application Definitions (CLI)
Application identification supports custom application definitions to detect applications as they pass through the device. When you configure custom definitions, make sure your definitions are unique.
Table 71 compares the configuration parameters of custom and predefined applications. These differences keep custom application definitions distinct from the predefined definitions, so they are not deleted when the predefined application package is updated or removed.
Table 71: Custom Application Definitions and Predefined Definitions Comparison
| Predefined | Custom |
|---|---|
| index range: 1 through 32767 | index range: 32768 through 65534 |
| name prefix junos | name prefix is user defined (junos is reserved for predefined signatures) |
| order field unique for all applications and nested applications | order field unique for all applications and nested applications |
Table 72 shows the available attributes for creating a custom application definition. The hierarchy level is [edit services application-identification application application-name].
Table 72: Custom Application Definition Attributes
| Attribute | Description |
|---|---|
| application-name | Name of the custom application definition. Must be a unique name with a maximum length of 32 characters. (Required) |
| disable | Do not match traffic for this application. Default is off. |
| index | A number with a one-to-one mapping to the application name, used to ensure that each signature definition is unique. The index range for predefined applications is 1 through 32767. The index range for custom applications and custom nested applications is 32768 through 65534. (Required) |
| Signature Attributes | |
| signature | Define the application signature attributes for pattern matching. (Required) |
| client-to-server | Defines the attributes for traffic in the client-to-server direction. dfa-pattern: maximum length is 1023 (Optional). regex: a regular expression that should be matched for client-to-server traffic. |
| disable | Toggle on means a signature method is not used to identify this application. Default is off. |
| min-data | The minimum number of bytes or packets to apply to the dfa-pattern. Default is 10; range is 4 through 1024. |
| order | When multiple patterns match the same session, the lowest order number takes the highest priority. Must be unique. (Required) |
| port-range | Default ranges: TCP/0 through 65535, UDP/0 through 65535. (Optional) |
| server-to-client | Defines the attributes for traffic in the server-to-client direction. dfa-pattern: maximum length is 1023 (Optional). regex: a regular expression that should be matched for server-to-client traffic. |
The following example identifies an application named “my-app” operating over the HTTP protocol on TCP port 6400 with a signature port range of TCP 0–65535.
- Set the application name you will use in your policy for your custom application.

  ```
  [edit services application-identification]
  user@host# set application my-app
  ```

- Set the application type.

  ```
  [edit services application-identification]
  user@host# set application my-app type HTTP
  ```

- Set the index number.

  ```
  [edit services application-identification]
  user@host# set application my-app index 33000
  ```

- Set the signature information, starting with the signature port range.

  ```
  [edit services application-identification]
  user@host# set application my-app signature port-range tcp 0-65535
  ```

- Set the signature client-to-server dfa-pattern.

  ```
  [edit services application-identification]
  user@host# set application my-app signature client-to-server dfa-pattern \xff\x[\xfa-\xff].*
  ```

- Set the signature server-to-client dfa-pattern.

  ```
  [edit services application-identification]
  user@host# set application my-app signature server-to-client dfa-pattern \xff\x[\xfa-\xff].*
  ```

- Set the signature min-data value.

  ```
  [edit services application-identification]
  user@host# set application my-app signature min-data 2
  ```

- Set the signature order.

  ```
  [edit services application-identification]
  user@host# set application my-app signature order 102
  ```
Now that your custom definition has been defined, you can use it in your policy. For information on policies, see Example: Configuring IDP Policies for Application Identification (CLI).
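Before committing a batch of custom definitions, it is worth checking them against the constraints in Tables 71 and 72 (custom index range, reserved junos prefix, unique index and order, min-data and dfa-pattern limits). The following pre-commit check is an added example, not part of Junos OS or this page; the flattened dictionary form of a stanza (keys name, index, order, min_data, c2s_dfa, s2c_dfa) is an assumption made for the example, and the sample set is constructed from the page's my-app definition plus one deliberately invalid entry.

```python
# Constraints taken from Tables 71 and 72 on this page.
CUSTOM_INDEX_RANGE = (32768, 65534)
NAME_MAX_LEN = 32
DFA_PATTERN_MAX_LEN = 1023
MIN_DATA_RANGE = (4, 1024)


def validate_custom_apps(apps):
    """Return a list of problems found in a list of custom application dicts.

    Each dict is a hypothetical, flattened form of one
    [edit services application-identification application <name>] stanza
    with keys name, index, order and optionally min_data, c2s_dfa, s2c_dfa.
    """
    problems = []
    seen_index, seen_order = {}, {}
    for app in apps:
        name, idx, order = app["name"], app["index"], app["order"]
        if len(name) > NAME_MAX_LEN:
            problems.append(f"{name}: name longer than {NAME_MAX_LEN} characters")
        if name.startswith("junos"):
            problems.append(f"{name}: 'junos' prefix is reserved for predefined signatures")
        lo, hi = CUSTOM_INDEX_RANGE
        if not lo <= idx <= hi:
            problems.append(f"{name}: index {idx} outside custom range {lo}-{hi}")
        if idx in seen_index:
            problems.append(f"{name}: index {idx} already used by {seen_index[idx]}")
        seen_index.setdefault(idx, name)
        if order in seen_order:
            problems.append(f"{name}: order {order} already used by {seen_order[order]}")
        seen_order.setdefault(order, name)
        md = app.get("min_data")
        if md is not None and not MIN_DATA_RANGE[0] <= md <= MIN_DATA_RANGE[1]:
            problems.append(f"{name}: min-data {md} outside range {MIN_DATA_RANGE[0]}-{MIN_DATA_RANGE[1]}")
        for key in ("c2s_dfa", "s2c_dfa"):
            pat = app.get(key)
            if pat is not None and len(pat) > DFA_PATTERN_MAX_LEN:
                problems.append(f"{name}: {key} dfa-pattern longer than {DFA_PATTERN_MAX_LEN}")
    return problems


# Constructed sample: the page's my-app definition plus a deliberately bad one.
SAMPLE_APPS = [
    {"name": "my-app", "index": 33000, "order": 102, "min_data": 2,
     "c2s_dfa": r"\xff\x[\xfa-\xff].*", "s2c_dfa": r"\xff\x[\xfa-\xff].*"},
    {"name": "junos-bad", "index": 100, "order": 102, "min_data": 10},
]

if __name__ == "__main__":
    for p in validate_custom_apps(SAMPLE_APPS):
        print(p)
```

Run against the sample, the check flags the page's min-data 2 as outside the 4 through 1024 range in Table 72, and flags the second entry for its reserved prefix, out-of-range index and duplicate order.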
Related Topics
- Junos OS Feature Support Reference for SRX Series and J Series Devices
- Understanding Junos OS Application Identification Custom Application Definitions
- Understanding Junos OS Application Identification Application Package
- Understanding Junos OS Application Identification Services