application-services (Security Policies)
Syntax
application-services {
    (redirect-wx | reverse-redirect-wx);
    advanced-anti-malware-policy advanced-anti-malware-policy;
    anti-virus-policy anti-virus-policy;
    application-traffic-control {
        rule-set rule-set;
    }
    captive-portal {
        profile profile;
    }
    casb-policy casb-policy;
    gtp-profile gtp-profile;
    icap-redirect icap-redirect;
    idp-policy idp-policy;
    packet-capture;
    sctp-profile sctp-profile;
    security-intelligence {
        add-destination-identity-to-feed name-of-feed;
        add-destination-ip-to-feed name-of-feed;
        add-source-identity-to-feed name-of-feed;
        add-source-ip-to-feed name-of-feed;
    }
    security-intelligence-policy security-intelligence-policy;
    ssl-proxy {
        profile-name profile-name;
    }
    transparent-proxy {
        profile-name profile-name;
    }
    uac-policy {
        captive-portal captive-portal;
    }
    utm-policy utm-policy;
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit]
Description
Enable application services within a security policy. You can enable services such as application firewall, IDP, Content Security, and SSL proxy by specifying them in the permit action of a security policy. The services are applied to traffic that matches the policy rule.
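Because these services only run when they are attached to a policy's permit action, a useful review step is to list every permit policy and the services it carries. The script below is an added example, not Juniper code: it assumes input in the form produced by `show configuration security policies | display set`, and the zone, policy and profile names in the sample are constructed.

```python
import re

# Service statements listed in the Syntax section of this page.
SERVICES = {
    "redirect-wx", "reverse-redirect-wx", "advanced-anti-malware-policy",
    "anti-virus-policy", "application-traffic-control", "captive-portal",
    "casb-policy", "gtp-profile", "icap-redirect", "idp-policy",
    "packet-capture", "sctp-profile", "security-intelligence",
    "security-intelligence-policy", "ssl-proxy", "transparent-proxy",
    "uac-policy", "utm-policy",
}

# Matches the hierarchy level on this page in "display set" form.
# Assumption: zone and policy names contain no spaces.
PERMIT = re.compile(
    r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+)"
    r" then permit(?: application-services (\S+))?(?= |$)"
)

def audit(display_set):
    """Return {(from_zone, to_zone, policy): set of services} for permit policies."""
    found = {}
    for line in display_set.splitlines():
        m = PERMIT.match(line.strip())
        if not m:
            continue  # match clauses, deny/reject actions, unrelated lines
        services = found.setdefault(m.group(1, 2, 3), set())
        if m.group(4) in SERVICES:
            services.add(m.group(4))
    return found

def uninspected(display_set):
    """Permit policies that forward traffic with no application service attached."""
    return sorted(key for key, services in audit(display_set).items() if not services)

# Constructed sample; zone, policy and profile names are made up.
SAMPLE = """\
set security policies from-zone trust to-zone untrust policy web-out match application junos-https
set security policies from-zone trust to-zone untrust policy web-out then permit application-services ssl-proxy profile-name ssl-inspect
set security policies from-zone trust to-zone untrust policy web-out then permit application-services utm-policy cs-default
set security policies from-zone trust to-zone untrust policy dns-out match application junos-dns-udp
set security policies from-zone trust to-zone untrust policy dns-out then permit
set security policies from-zone untrust to-zone trust policy block-in then deny
"""

if __name__ == "__main__":
    for key, services in audit(SAMPLE).items():
        print(key, sorted(services) or "NO APPLICATION SERVICES")
```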
Options
| advanced-anti-malware-policy | Specify advanced-anti-malware policy name. |
| application-firewall | Specify the rule sets configured as part of application firewall to be applied to the permitted traffic. |
| application-traffic-control | Specify the rule sets configured as part of AppQoS, application-aware quality of service, to be applied to the permitted traffic. |
| casb-policy | Specify CASB policy name. |
| gprs-gtp-profile | Specify GPRS tunneling protocol profile name. |
| gprs-sctp-profile | Specify GPRS stream control protocol profile name. |
| idp | Apply Intrusion detection and prevention (IDP) as application services. |
| redirect-wx | Specify the WX redirection needed for the packets that arrive from the LAN. |
| reverse-redirect-wx | Specify the WX redirection needed for the reverse flow of the packets that arrive from the WAN. |
| security-intelligence-policy | Specify security-intelligence policy name. |
| security-intelligence | Specify the security intelligence feed post action. The following feeds are supported: |
| ssl-proxy profile-name | Specify SSL proxy profile name to enable the feature. An SSL proxy profile defines SSL behavior for the SRX Series Firewall. |
| transparent-proxy profile-name | Specify transparent web proxy profile name. The transparent web proxy profile is configured with dynamic application and external proxy server details. This profile is attached to the security policy and applied on the permitted traffic. Starting in Junos OS Release 25.2R1, we've renamed the secure web proxy as transparent web proxy. If you are using Junos OS versions prior to 25.2R1, see secure-proxy. |
| uac-policy | Enable Unified Access Control (UAC) for the security policy. This statement is required when you are configuring the SRX Series Firewall to act as a Junos OS Enforcer in a UAC deployment. |
| utm-policy utm-policy | Specify Content Security (formerly known as UTM) policy name. The Content Security policy configured for antivirus, antispam, content-filtering, traffic-options, and Web-filtering protocols is attached to the security policy to be applied to the permitted traffic. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 11.1.