
AACL Overview

The application-aware access list (AACL) service uses application names and application groups as matching criteria for filtering traffic. AACL is a stateless, rules-based service. Combined with application identification, it lets policies be applied to flows based on application and application group membership, in addition to traditional packet matching rules. AACL is currently supported only on MultiServices DPCs running on MX-series platforms.

AACL is configured in a similar way to other rules-based services such as NAT, CoS, and stateful firewall. To configure AACL, include rule specifications for match criteria and actions at the [edit services aacl] hierarchy level. You can chain AACL rules with other service rules by including them in a service-set definition at the [edit services service-set] hierarchy level, as previously documented.

There is one pair of related operational commands, show/clear application-aware-access-list statistics.

For more information on the CLI configuration, see the Application-Aware Access List Configuration Guidelines and Summary of AACL Configuration Statements. For more information on the operational commands, see the JUNOS System Basics and Services Command Reference.

