application-identification (Application Identification)
Syntax
application-identification {
    application application-name <description description> {
        address-mapping name {
            destination {
                ip ip-address-prefix;
            }
            source {
                ip ip-address-prefix;
            }
            order order;
            order-priority (high | low);
        }
        alt-name alt-name;
        cacheable;
        compatibility junos-compatibility-version;
        description description;
        icmp-mapping {
            code icmp-code;
            order order;
            order-priority (high | low);
            type icmp-type;
        }
        ip-protocol-mapping {
            order order;
            order-priority (high | low);
            protocol protocol-number;
        }
        order over protocol-type {
            signature l4-l7-signature-name {
                chain-order member member-name {
                    check-bytes max-bytes-to-check;
                    context context;
                    pattern pattern;
                    direction direction;
                }
                order order;
                order-priority (high | low);
                port-range {
                    tcp [port-range];
                    udp [port-range];
                }
                protocol (http | ssl | tcp | udp);
            }
        }
        priority;
        tags tag-value;
        type type;
    }
    application-group group-name {
        disable;
        application-groups {
            application-group-name;
        }
        applications {
            application-name;
        }
        index number;
    }
    application-system-cache-timeout;
    download { }
    inspection-limit {
        tcp {
            byte-limit byte-limit-number;
            packet-limit packet-limit-number;
        }
        udp {
            byte-limit byte-limit-number;
            packet-limit packet-limit-number;
        }
    }
    micro-apps;
    micro-app-max-transactions value;
    no-application-system-cache;
    statistics {
        interval minutes;
    }
    traceoptions {
        file {
            filename;
            files number;
            match regular-expression;
            size maximum-file-size;
            (world-readable | no-world-readable);
        }
        flag flag;
        level [all | error | info | notice | verbose | warning];
        no-remote-trace;
    }
    no-application-system-cache;
    packet-capture profile profile-name;
}
Hierarchy Level
[edit services]
Description
Configure application identification to identify applications regardless of the application port or protocol that is used to transmit the application.
Use this statement to configure application identification options such as application signatures, application groups, signature package download, enabling and disabling the application system cache, application traffic throughput, micro-applications, the application identification inspection limit, and trace options.
Once the application is determined, other AppSecure service modules are configured to monitor and control traffic for tracking, prioritization, access control, detection, and prevention based on the application ID of the traffic.
Options
application application-name
Configure an application definition. You can create custom application signatures by specifying a name, protocol, port where the application runs, and match criteria.

application-group group-name
Configure a custom application group for application identification.

application-system-cache-timeout value
Specify the timeout value in seconds for the application system cache (ASC) entries.

download
Configure automatic download for the application identification services application package.

enable-cdn-application-detection
Enable application identification (AppID) to classify a web application hosted on a content delivery network (CDN).

enable-performance-mode max-packet-threshold number
Set deep packet inspection (DPI) to performance mode for application identification.

global-offload-byte-limit byte-limit-number
Specify the maximum number of bytes before concluding the classification for identifying an application.
Note: The byte limit excludes the IP header and the TCP/UDP header lengths.

imap-cache-size number
Limit the maximum number of entries in the IMAP cache.

imap-cache-timeout time-period
Specify the timeout value for the entries in the IMAP cache.

inspection-limit
Specify the maximum number of bytes before concluding the classification for identifying an application in TCP and UDP sessions.
Note: The byte limit excludes the IP header and the TCP/UDP header lengths.

max-memory value
Specify the maximum memory limit for deep packet inspection (DPI).

micro-apps
Enable micro-application detection with the application identification feature.

micro-app-max-transactions
Set the number of micro-applications transaction finals to terminate application classification.

no-application-identification
Disable the application identification of applications running on nonstandard ports. By default, application identification is enabled on the device.

no-application-system-cache
Disable the application system cache. ASC is enabled by default when a session is created.

interval interval-number
Specify the interval, in minutes, for statistics collection.

traceoptions
Specify the trace file information.

no-application-statistics
Use this statement to disable the application statistics in the AppTrack session.
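The following Python check is an added example, not Juniper's code: it flattens a curly-brace Junos configuration into per-statement paths and reports three statements described above that reduce visibility or expose trace data (no-application-identification, no-application-statistics, and a world-readable trace file). The sample configuration, the trace file name, and the function names are constructed for illustration.

```python
import re

# Constructed sample in Junos curly-brace format; names and values are illustrative.
SAMPLE_CONFIG = """
services {
    application-identification {
        no-application-identification;
        traceoptions {
            file appid-trace size 1m world-readable;
            flag all;
        }
        no-application-statistics;
    }
}
"""
BASE = ["services", "application-identification"]

def flatten(config):
    """Return one token path per leaf statement of a brace-delimited config."""
    stack, current, leaves = [], [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', config):
        if tok == "{":
            stack.append(current)
            current = []
        elif tok == "}":
            if not stack:
                raise ValueError("unbalanced '}'")
            stack.pop()
            current = []
        elif tok == ";":
            leaves.append([w for level in stack for w in level] + current)
            current = []
        else:
            current.append(tok)
    if stack:
        raise ValueError("unbalanced '{'")
    return leaves

def audit(config):
    """Return (keyword, full statement path) for each flagged AppID statement."""
    findings = []
    for path in flatten(config):
        head, rest = path[:2], path[2:]
        if head != BASE:
            continue
        if rest in (["no-application-identification"], ["no-application-statistics"]):
            findings.append((rest[0], " ".join(path)))
        elif rest[:2] == ["traceoptions", "file"] and "world-readable" in rest[2:]:
            findings.append(("world-readable", " ".join(path)))
    return findings
```

The trace file check matches both the one-line form used in the sample and the block form shown in the Syntax section, and it does not match no-world-readable.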
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.1.
Support for Next Gen Services introduced in Junos OS Release 19.3R2 and 19.4R1 on MX Series routers MX240, MX480 and MX960.