Understanding Junos OS Application Identification for Nested Applications

With the greater use of application protocol encapsulation, the need arises to support the identification of multiple different applications running on the same Layer 7 protocols. For example, applications such as Facebook and Yahoo Messenger can both run over HTTP, but there is a need to identify them as two different applications running on the same Layer 7 protocol. In order to do this, the current application identification layer is split into two layers: Layer 7 nested applications and Layer 7 protocols.

The included predefined application signatures have been created to detect the Layer 7 nested applications whereas the existing Layer 7 protocol signatures, such as FTP and HTTP, still function in the same manner. These predefined application signatures can be used in attack objects.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding Junos OS Application Identification Application Package
• Activating Junos OS Application Identification for Nested Applications (CLI Procedure)
• Understanding Junos OS Application Identification Services