application (Application Identification)
Syntax
application application-name {
    address-mapping address-name {
        filter {
            ip ip-address-and-prefix-length;
            port-range {
                tcp [port];
                udp [port];
            }
        }
    }
    cacheable;
    description;
    icmp-mapping {
        code number;
        type number;
    }
    ip-protocol-mapping {
        protocol number;
    }
    priority high;
    order;
    over protocol-type {
        signature name {
            member name {
                context {
                    context;
                }
                direction {
                    any;
                    client-to-server;
                    server-to-client;
                }
                pattern pattern;
                depth byte-number;
            }
            port-range value;
            priority [high | low];
            type;
            risk;
        }
Hierarchy Level
[edit services application-identification]
Description
Configure an application definition.
You can create custom application signatures by specifying a name, protocol, port where the application runs, and match criteria. You can create ICMP-based, address-based, IP protocol-based, and Layer 7-based custom application signatures. Custom applications are created to identify applications over Layer 7 and transiting or temporary applications, and to achieve further granularity of known applications.
Custom application definitions can be used for applications that are not part of the Juniper Networks predefined application database.
Options
application application-name | Name of the custom application signature. Must be a unique name with a maximum length of 63 characters. Note: Application names are case insensitive. |
cacheable | Enable caching of application identification results. When this option is enabled, the application detection result is cached in an ASC table. If the ASC table has an entry that matches the destination IP address, protocol, and port, the application is identified without sending the packet to the engine again. This option is not supported for address-based, IP protocol-based, and ICMP-based custom application signatures. |
description | Description of the application. |
priority | Priority of custom applications over the predefined applications. |
order number | Specify the order for the custom application. A lower order value has higher priority. This option is used when multiple custom applications of the same type match the same traffic. However, you cannot use this option to prioritize among different types of applications, such as TCP stream-based applications against TCP port-based applications or IP address-based applications against port-based applications. |
priority [high | low] | Specify the priority over other signature applications. |
type | Specify whether the application is a well-known application such as HTTP and FTP. |
risk | The risk value for a custom application should be in the range 1 to 5, to stay in sync with the predefined applications. The default value is 1 when the risk is not configured. Configuring risk value for custom application signatures is not supported. |
The remaining statements are explained separately. See CLI Explorer.
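The constraints listed under Options can be checked before a commit. The following is an added example, not Juniper code: a small Python lint that assumes the definitions are available as set-format lines under the hierarchy level shown above, and that flags names differing only by case, names longer than 63 characters, cacheable on address-based, IP protocol-based, or ICMP-based definitions, and risk values outside 1 to 5. The application names, address name, and values in the sample are constructed.

```python
from collections import defaultdict

PREFIX = "set services application-identification application "
# Definition types for which the page says `cacheable` is not supported.
NO_CACHE = ("address-mapping", "ip-protocol-mapping", "icmp-mapping")

def lint(config_text):
    """Check set-format custom application definitions against the Options rules."""
    rows = defaultdict(list)       # lowercased name -> token lists after the name
    spellings = defaultdict(set)   # lowercased name -> spellings seen in the config
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        tokens = line[len(PREFIX):].split()
        name, rest = tokens[0], tokens[1:]
        rows[name.lower()].append(rest)
        spellings[name.lower()].add(name)
    findings = []
    for key in sorted(rows):
        if len(spellings[key]) > 1:   # names are case insensitive and must be unique
            findings.append(f"{key}: spellings differ only by case: "
                            + ", ".join(sorted(spellings[key])))
        if len(key) > 63:
            findings.append(f"{key}: name is {len(key)} characters, maximum is 63")
        kinds = {r[0] for r in rows[key] if r}
        blocked = [k for k in NO_CACHE if k in kinds]
        if "cacheable" in kinds and blocked:
            findings.append(f"{key}: cacheable is not supported with {blocked[0]}")
        for r in rows[key]:
            # A set-format line ends with the leaf statement and its value.
            if r[-2:-1] == ["risk"] and not (r[-1].isdigit() and 1 <= int(r[-1]) <= 5):
                findings.append(f"{key}: risk {r[-1]} is outside 1-5")
    return findings

# Constructed sample configuration (names, addresses and values are made up).
SAMPLE = """\
set services application-identification application Corp-VPN ip-protocol-mapping protocol 47
set services application-identification application corp-vpn description "GRE tunnel"
set services application-identification application legacy-db address-mapping DB1 filter ip 192.0.2.10/32
set services application-identification application legacy-db cacheable
set services application-identification application legacy-db risk 7
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```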
Required Privilege Level
trace—To view this statement in the configuration.
trace-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 15.1X49-D40.
risk option introduced in Junos OS Release 19.1R1.