context (Application Identification)

Syntax

Hierarchy Level

[edit services application-identification application application-name over protocol-type signature name member name ]

Description

Specify context for matching application running over TCP, UDP, or Layer 7.

Application identification supports custom application signatures to detect applications as they pass through the device. You can create custom application signatures for applications based on ICMP, IP protocol, IP address, and Layer 7. While configuring custom application signatures, you must specify context values that the device can use to match patterns in the application traffic.

Options

`context`	Specify the context type. For example, Following options are available in application signature package version 3284.
ftp-content-type	Content type of the transferred file.
ftp-file-name	Filename being transferred.
ftp-greeting-message	First line of the server banner.
ftp-load-way	File transfer way—upload or download.
ftp-method	FTP command sent.
ftp-return-content	Message of server's response.
http-filename	The name of the file being fetched or posted. Extracted if content-disposition field has a filename.
http-get-url-parsed-param-parsed	The decoded, normalized GET URL in an HTTP request along with the decoded CGI parameters (if any).
http-header-content-type	Content-type header in an HTTP transaction.
http-header-cookie	Cookie header in an HTTP transaction.
http-header-host	Host header in an HTTP transaction.
http-header-user-agent	User-agent header in an HTTP transaction.
http-post-url-parsed-param-parsed	Decoded, normalized POST URL in an HTTP request along with the decoded CGI parameters (if any).
http-post-variable-parsed	Decoded POST URL or form data variables.
http-url-parsed	Decoded, normalized URL in an HTTP request.
http-url-parsed-param-parsed	Decoded, normalized URL in an HTTP request along with the decoded CGI parameters (if any).
imap-attach-filename	Name of the file attached.
imap-attach-transfer-encoding	Encoding of the attached content.
imap-attach-type	Content type of the sent attached file
imap-auth-type	Used authentication type.
imap-content-language	Language of the message content.
imap-content-transfer-encoding	The encoding of the content
imap-content-type	Content type of the transferred file.
imap-greeting-message	Greeting message of the server
imap-method	Command sent by the client.
imap-mime-version	Version of the message body format standard used in the mail protocol.
imap-received-by-name	Receiving host name.
imap-received-from-name	Sending host name.
smtp-attach-filename	Attachment file name.
smtp-attach-transfer-encoding	Encoding of the attached content.
smtp-attach-type	Content type of the sent attached file.
smtp-content-language	Language of the message content.
smtp-content-transfer-encoding	Encoding of the content
smtp-content-type	Content type of transferred file
smtp-greeting-message	Greeting message of the server
smtp-method	Command sent by the client.
smtp-mime-version	Version of the message body format standard.
smtp-received-by-name	Name of the receiving host.
smtp-received-from-name	Name of the sending host.
smtp-server	The SMTP server name
ssl-common-name	Domain name in the certificate.
ssl-issuer	Certificate Authority.
ssl-organization-name	Organisation name in the certificate.
ssl-protocol-version	SSL/TLS protocol version chosen by the server.
ssl-server-name	Server name in TLS server name extension or SSL server certificate.
ssl-subject-alt-name	Subject Alternative Name (SAN). An SAN certificate allows users to specify multiple domain names and IP addresses in a single certificate. Custom application signatures can detect applications based on the application’s host names available in the SAN field of the SSL certificate.
ssl-version	SSL major version in the handshake.
ssl-server-name	Server name in the TLS server name extension or the SSL server certificate. This is also known as Server Name Indication (SNI).
stream	TCP or UDP stream data.

Examples of context types with direction. When configuring custom application signatures, the context-direction combinations as mentioned in Table 1 is supported. Any other combination other than this is not supported.

Table 1: Supported Context-Direction Combination for Custom Application Signatures
Context	Direction
http-get-url-parsed-param-parsed	client-to-server
http-header-host	client-to-server
http-header-user-agent	client-to-server
http-post-url-parsed-param-parsed	client-to-server
http-post-variable-parsed	client-to-server
http-url-parsed	client-to-server
http-url-parsed-param-parsed	client-to-server
ssl-server-name	client-to-server
stream	any/client-to-server/server-to-client
http-header-content-type	any/client-to-server/server-to-client
http-header-cookie	any/client-to-server/server-to-client

Note:

If you are planning to upgrade the device to Junos OS release 15.1X49-D60 from the previous versions of the Junos OS, you must change the configuration to the valid combination of context-direction as mentioned in Table 1 to avoid any commit failure and possible disabling of the secondary node.

Note:

If the MX Series router is running Next Gen Services, then the following restrictions apply:

Only the http-header context types are available at the [edit services application-identification application application-name over http signature l4-l7-signature-name member member-name] hierarchy level.
Only the ssl-server context type is available at the [edit services application-identification application application-name over ssl signature l4-l7-signature-name member member-name] hierarchy level.
Only the stream context type is available at the [edit services application-identification application application-name over (tcp | udp) signature l4-l7-signature-name member member-name] hierarchy level.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X49-D40.

Support for Next Gen Services introduced in Junos OS Releases 19.3R2 and 19.4R1 on MX Series MX240, MX480 and MX960 using the MX-SPC3 services card.

ON THIS PAGE