Example: Configuring IDP Applications Sets (CLI)

To configure an application set, you add predefined or custom applications separately to an application set and assign a meaningful name to the application set. Once you name the application set you specify the name as part of the policy. For this policy to apply on a packet, the packet must match any one of the applications included in this set.

Before you begin:

1. Configure network interfaces. See the JUNOS Software Interfaces Configuration Guide for Security Devices.
2. Enable Intrusion Detection and Prevention (IDP) application services in a security policy. See Example: Enabling IDP in a Security Policy (CLI).

The configuration instructions in this topic describe how to create an application set SrvAccessAppSet and associate it with an IDP policy ABC. The application set SrvAccessAppSet combines three applications. Instead of specifying three applications in the policy rule, you specify one application set. If all of the other criteria match, any one of the applications in the application set serves as valid matching criteria.

To create an application set and associate it with an IDP policy:

1. Create an application set and specify applications to be included in the set. The following statements create the SrvAccessAppSet application set that includes a set of three applications:
   user@host# set applications application-set SrvAccessAppSet application sshuser@host# set applications application-set SrvAccessAppSet application telnetuser@host# set applications application-set SrvAccessAppSet application custApp
2. Associate the application set with an IDP policy. The following statement associates the application set SrvAccessAppSet to IDP policy ABC:
   user@host# set security idp idp-policy ABC rulebase-ips rule ABC match application SrvAccessAppSet
3. Specify an action for the policy. The following statement permits traffic from applications specified in the application set:
   user@host# set security idp idp-policy ABC rulebase-ips rule ABC then action no-action
4. If you are finished configuring the device, commit the configuration.
5. For more information, see the JUNOS Software CLI Reference.

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• Understanding IDP Application Sets
• Example: Configuring IDP Applications and Services (CLI)
• Example: Enabling IDP in a Security Policy (CLI)