Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Application Security for Tenant Systems

Application Security in tenant systems identifies application traffic traversing your network regardless of port, protocol, and encryption, and thereby provides greater visibility to control network traffic. The application security controls network traffic by setting and enforcing security policies based on accurate application information.

Application Identification Services for Tenant Systems Overview

Predefined and custom application signatures identify an application by matching patterns in the first few packets of a session. Identifying applications provides the following advantages:

  • Allows Intrusion Detection and Prevention (IDP) to apply appropriate attack objects to applications running on nonstandard ports.

  • Improves performance by narrowing the scope of attack signatures for applications without decoders.

  • Enables you to create detailed reports using AppTrack on applications passing through the device.

With tenant systems, predefined and custom application signatures are global resources that are shared by all tenant systems. Application identification (AppID) is enabled by default for a tenant system. The following are the privileges and responsibilities of the primary administrator over AppID:

  • Download and install the predefined Juniper Networks application signatures.

  • Create custom application and nested application signatures to identify applications that are not a part of the predefined database.

  • View or clear the application identification statistics and counters for all tenant systems.

  • Uninstall application signature package.

The application system cache (ASC) saves the mapping between an application type and the corresponding destination IP address, destination port, protocol type, and service. Each tenant system has its own ASC. A tenant system or the primary administrator can view or clear ASC entries for any tenant system.

The AppID support for tenant systems include two options to view or clear tenant system statistics and tenant system counters for their own tenant system. Because the statistics reset time is common across the tenant systems, when you configure a new tenant system for the very first time, the statistics for that tenant system may get cleared even before the configured statistics reset time.

The custom signatures configured by the primary administrator can be configured in the tenant system security policies.

As a primary administrator or a tenant system user, you can use the commands show services application-identification status and show services application-identification version to view the status and version information about the AppID signature package.