Application Identification for Nested Applications

The application identification feature is used by intrusion detection and prevention (IDP) to allow or deny traffic based on applications running on standard or nonstandard ports. Nested applications are protocols running over the parent application. For example, both Facebook and Yahoo Messenger can run over HTTP, but there is a need to identify them as two different applications. To do this, the application layer is split into two layers: Layer 7 applications and Layer 7 protocols.

The predefined application signatures included with Junos OS have been created to detect the Layer 7 nested applications. Predefined application signatures can be used in attack objects.

To configure nested application properties, include the nested-application statement at the [edit services application-identification] hierarchy level:

nested-application name {
    index number;
    protocol protocol;
    signature name {
        chain-order;
        maximum-transactions number;
        member name {
            context (http-header-content-type | http-header-host | http-url-parsed | http-url-parsed-param-parsed);
            direction (any | client-to-server | server-to-client);
            pattern dfa-pattern;
        }
        order number;
    }
    type type;
}

You can include the following application rule properties:

  • chain-order—Signatures can contain multiple members. If the chain order feature is on, those members are read in order. The default for this option is no chain order. If a signature contains only one member, this option is ignored.
  • context—Define a service-specific context. The options are http-header-content-type, http-header-host, http-url-parsed, and http-url-parsed-param-parsed. This statement is mandatory.
  • direction—The connection direction of the packets to apply pattern matching. The options are client-to-server, server-to-client, or any. This statement is mandatory.
  • index—A number that is a one-to-one mapping to the application name that is used to ensure that each signature definition is unique. The index range for predefined applications is 1 through 32767. The index range for custom applications and custom nested applications is 32768 through 65534.
  • maximum-transactions—The maximum number of transactions that should occur before a match is made. This statement is mandatory.
  • member—Define a member name for a custom nested application signature definition. Custom definitions can contain multiple members that define attributes for an application.
  • order—Define application matching priority. For address configurations, the order number resolves the conflict when multiple address entries are matched for a specific session. The lower number has higher priority. This statement is mandatory.
  • pattern—Define an attack pattern to be detected. This statement is mandatory.
  • protocol—The protocol that will be monitored to identify nested applications. The value http is supported. This statement is mandatory.
  • signature—Name of the custom nested application signature definition. Must be a unique name with a maximum length of 32 characters. This statement is mandatory.
  • type—Well-known application name for this application definition, such as Facebook or Kazza. This application name must be unique with a maximum length of 32 characters. This statement is mandatory.

Published: 2013-02-15
