Understanding Firefly Perimeter AppSecure Services
Starting with Junos OS Release 12.1X47-D20, Firefly Perimeter supports the AppSecure feature. AppSecure service modules can be configured to monitor and control traffic for tracking, prioritization, access control, and intrusion detection and prevention based on the application ID of the traffic. AppSecure Services include the application identification (AppID), application quality of service (AppQoS), application firewall (AppFW), and application tracking (AppTrack) features.
AppID identifies applications, as parts of application clusters, in TCP, UDP, and ICMP traffic. Application identification strengthens the firewall at different network layers by using techniques other than port numbers and IP addresses. Application signatures are modified to provide security at the application level.
AppQoS expands on the capability to mark Differentiated Services code point (DSCP) values based on Layer 7 application types. Rate limiters, DSCP rewriters, loss priority settings, and unique forwarding classes and queue assignments are techniques used by AppQoS.
AppFW identifies not only HTTP but also any application running on top of it, letting you properly enforce policies. With the growing popularity of Web applications and the shift from traditional full client-based applications to the Web, more and more traffic is being transmitted over HTTP. For example, an application firewall rule could block HTTP traffic from Facebook but allow Web access to HTTP traffic from MS Outlook.
A security administrator implements an application firewall by performing the following tasks:
- Define one or more application firewall rule sets.
- Create rules for each rule set that permit, reject, or deny traffic based on the application ID.
- Configure a security policy to invoke the application firewall service and specify the rule set to be applied to permitted traffic.
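The three tasks above as a set of Junos configuration commands, added here as an example and not taken from the original documentation. The rule-set name (web-apps), rule name, policy name, and zone names (trust, untrust) are assumptions, and the example uses the application-firewall hierarchy with the predefined junos:FACEBOOK-ACCESS application signature.

```junos
# Example values (assumed): rule set "web-apps", zones "trust"/"untrust",
# policy "outbound-web". Adjust to your own topology.

# Task 1 and 2: define a rule set and a rule that denies traffic
# identified by AppID as Facebook, whatever port it runs on.
set security application-firewall rule-sets web-apps rule block-facebook match dynamic-application junos:FACEBOOK-ACCESS
set security application-firewall rule-sets web-apps rule block-facebook then deny

# Every rule set needs a default rule for traffic that matches no rule.
# Here all other identified applications are permitted.
set security application-firewall rule-sets web-apps default-rule permit

# Task 3: a security policy permits HTTP at the port/protocol level and
# hands the permitted traffic to the application firewall rule set.
set security policies from-zone trust to-zone untrust policy outbound-web match source-address any
set security policies from-zone trust to-zone untrust policy outbound-web match destination-address any
set security policies from-zone trust to-zone untrust policy outbound-web match application junos-http
set security policies from-zone trust to-zone untrust policy outbound-web then permit application-services application-firewall rule-set web-apps
```

The rule set is evaluated only for traffic the security policy has already permitted, so the policy decides which sessions are inspected and the rule set decides which applications inside them are allowed.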
AppTrack provides statistics for analyzing bandwidth usage of your network. When enabled, AppTrack collects byte, packet, and duration statistics for application flows in the specified zone. By default, when each session closes, AppTrack generates a message that provides the byte and packet counts and duration of the session, and sends it to the host device. AppTrack supports both IPv4 and IPv6 addressing.