application-services (Security Policies)
Syntax
application-services {
advanced-anti-malware-policy advanced-anti-malware-policy;
application-firewall {
rule-set rule-set;
}
application-traffic-control {
rule-set rule-set;
}
casb-policy policy-name;
gprs-gtp-profile gprs-gtp-profile;
gprs-sctp-profile gprs-sctp-profile;
idp idp;
packet-capture;
(redirect-wx redirect-wx | reverse-redirect-wx reverse-redirect-wx);
security-intelligence-policy security-intelligence-policy;
security-intelligence {
add-destination-identity-to-feed feed-name;
add-destination-ip-to-feed feed-name;
add-source-identity-to-feed feed-name;
add-source-ip-to-feed feed-name;
}
security-metadata-streaming-policy policy-name
ssl-proxy {
profile-name profile-name;
}
uac-policy {
captive-portal captive-portal;
}
utm-policy utm-policy;
web-proxy {
profile-name profile-name;
}
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit]
Description
Enable application services within a security policy. You can enable service such as application firewall, IDP, Content Security, SSL proxy, and so on by specifying them in a security policy permit action, when the traffic matches the policy rule.
Options
| advanced-anti-malware-policy | Specify advanced-anti-malware policy name. |
||
| application-firewall | Specify the rule sets configured as part of application firewall to be applied to the permitted traffic. |
||
| application-traffic-control | Specify the rule sets configured as part of AppQoS, application-aware quality of service, to be applied to the permitted traffic. |
||
| casb-policy |
Specify CASB policy name. |
||
| gprs-gtp-profile | Specify GPRS tunneling protocol profile name. |
||
| gprs-sctp-profile | Specify GPRS stream control protocol profile name. |
||
| idp | Apply Intrusion detection and prevention (IDP) as application services. |
||
| redirect-wx | Specify the WX redirection needed for the packets that arrive from the LAN. |
||
| reverse-redirect-wx | Specify the WX redirection needed for the reverse flow of the packets that arrive from the WAN. |
||
| security-intelligence-policy | Specify security-intelligence policy name. |
||
| security-intelligence |
Specify the security intelligence feed post action. The following feeds are supported:
|
||
| security-metadata-streaming-policy | Enable metadata streaming of the traffic permitted by the security policy. | ||
| uac-policy | Enable Unified Access Control (UAC) for the security policy. This statement is required when you are configuring the SRX Series Firewall to act as a Junos OS Enforcer in a UAC deployment.
|
||
| Content Security-policy Content Security-policy | Specify Content Security policy name. The Content Security policy configured for antivirus, antispam, content-filtering, traffic-options, and Web-filtering protocols is attached to the security policy to be applied to the permitted traffic. |
||
| web-proxy profile-name | Specify secure Web proxy profile name. The secure Web proxy profile is configured with dynamic application and external proxy server details. This profile is attached to the security policy and applied on the permitted traffic. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement modified in Junos OS Release 11.1.