Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify the profile options, rule set and rule specifications, and trace options to be used for application firewall implementations.

You can configure the application firewall by defining a collection of rule sets. These rule sets can be defined independently and shared across network security policies. A rule set defines the rules that match the application ID detected, based on the application signature.

The application firewall support in the security policies provides additional security control for dynamic applications.

Starting in Junos OS Release 18.2R1, the application firewall (AppFW) functionality is deprecated. As a part of this change, the [edit security application-firewall] hierarchy and all the configuration options under this hierarchy are deprecated— rather than immediately removed—to provide backward compatibility and an opportunity to bring your configuration into compliance with the new configuration.


The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 11.1. Updated with the ssl-encryption and reject options in Junos OS Release 12.1X44-D10. Updated with the block-message option in Junos OS Release 12.1X45-D10.

The tenant option is introduced for Junos OS Release 18.4R1.