Understanding Internet-Related Predefined Policy Applications
When you create a policy, you can specify predefined Internet-related applications for the policy.
Table 15 lists Internet-related predefined applications. Depending on your network requirements, you can choose to permit or deny any or all of these applications. Each entry lists the application name, default receiving port, and application description.
Table 15: Predefined Applications
Application Name | Port(s) | Application Description |
---|---|---|
AOL | 5190-5193 | America Online Internet service provider (ISP) provides Internet, chat, and instant messaging applications. |
DHCP relay | 67 (default) | Dynamic Host Configuration Protocol. |
DHCP | 68 (client), 67 (server) | Dynamic Host Configuration Protocol allocates network addresses and delivers configuration parameters from server to hosts. |
DNS | 53 | Domain Name System translates domain names into IP addresses. |
FTP | 20 (data), 21 (control) | File Transfer Protocol (FTP) allows the sending and receiving of files between machines. You can choose to deny or permit ANY (GET or PUT) or to selectively permit or deny either GET or PUT. GET receives files from another machine and PUT sends files to another machine. We recommend denying FTP applications from untrusted sources (Internet). |
Gopher | 70 | Gopher organizes and displays Internet servers' contents as a hierarchically structured list of files. We recommend denying Gopher access to avoid exposing your network structure. |
HTTP | 8080 | HyperText Transfer Protocol is the underlying protocol used by the World Wide Web (WWW). Denying the HTTP application prevents your users from viewing the Internet. Permitting the HTTP application allows your trusted hosts to view the Internet. |
HTTP-EXT | — | Hypertext Transfer Protocol with extended nonstandard ports. |
HTTPS | 443 | Hypertext Transfer Protocol with Secure Sockets Layer (SSL) is a protocol for transmitting private documents through the Internet. Denying HTTPS prevents your users from shopping on the Internet and from accessing certain online resources that require secure password exchange. Permitting HTTPS allows your trusted hosts to participate in password exchange, shop online, and visit various protected online resources that require user login. |
Internet Locator Service | — | Internet Locator Service includes LDAP, User Locator Service, and LDAP over TLS/SSL. |
IRC | 6665-6669 | Internet Relay Chat (IRC) allows people connected to the Internet to join live discussions. |
LDAP | 389 | Lightweight Directory Access Protocol is a set of protocols used to access information directories. |
PC-Anywhere | — | PC-Anywhere is remote control and file transfer software. |
TFTP | 69 | Trivial File Transfer Protocol (TFTP) is a protocol for simple file transfer. |
WAIS | — | Wide Area Information Server is a program that finds documents on the Internet. |
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Security Policy Applications Overview
- Understanding Dynamic Routing Protocols Predefined Policy Applications
- Example: Configuring Applications and Application Sets