This configuration specifies the properties for identifying an application for which a source or destination IP address and port is used for a known application, without the requirement of an application signature. For example, the Session Initiation Protocol (SIP) server initiates a session from its identified port, 5060. You can therefore specify the SIP server IP address and port 5060 in the port mapping configuration for the SIP application. The advantage of using this method is to provide efficiency and accuracy of application identification for your network.
To configure application rule properties, include the rule statement at the [edit services application-identification] hierarchy level:
- rule rule-name {
-
- address address-name {
-
- destination {
- ip address</prefix-length>;
-
- port-range {
- tcp [ ports-and-port-ranges ];
- udp [ ports-and-port-ranges ];
- }
- }
-
- source {
- ip address</prefix-length>;
-
- port-range {
- tcp [ ports-and-port-ranges ];
- udp [ ports-and-port-ranges ];
- }
- }
- order number;
- }
- application application-name;
- disable;
- }
You can include the following application rule properties:
The rule-set statement defines a collection of APPID rules that determine what actions the router software performs on packets in the data stream. You define each rule by specifying a rule name and configuring terms. Then, you specify the order of the rules by including the rule-set statement at the [edit services application-identification] hierarchy level with a rule statement for each rule:
- rule-set rule-set-name {
- rule application-rule-name;
- }
For a configuration example, see Examples: Configuring Application Identification Properties.