Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


application-firewall (Application Services)


Hierarchy Level


Specify the rule sets configured as part of application firewall to be applied to permitted traffic in a security policy.

The application firewall is defined by a collection of rule sets. You can implement an application firewall by defining one or more application firewall rule sets and creating rules for each rule set that permit, reject, or deny traffic based on the application ID. These rule sets can be defined independently and shared across network security policies. Then you configure a security policy to invoke the application firewall service and specify the rule set to be applied to permitted traffic.

Starting in Junos OS Release 18.2R1, the application firewall (AppFW) functionality is deprecated. As a part of this change, the [edit security application-firewall] hierarchy and all the configuration options under this hierarchy are deprecated— rather than immediately removed—to provide backward compatibility and an opportunity to bring your configuration into compliance with the new configuration.


rule-set rule-set-name—Name of the rule set that contains application firewall specification rules.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.1.