application-identification (Services)
Syntax
application-identification {
application application-name {
address-mapping address-name {
filter {
ip ip-address-and-prefix-length;
port-range {
tcp [port];
udp [port];
}
}
}
cacheable;
description;
icmp-mapping {
code number;
type number;
}
ip-protocol-mapping {
protocol number;
}
order;
over protocol-type {
signature name {
member name {
context {
http-get-url-parsed-param-parsed;
http-header-content-type;
http-header-cookie;
http-header-host;
http-header-user-agent;
http-post-url-parsed-param-parsed;
http-post-variable-parsed ;
http-url-parsed;
http-url-parsed-param-parsed;
ssl-server-name;
stream;
}
direction {
any;
client-to-server;
server-to-client;
}
pattern pattern;
}
port-range value;
priority [high | low];
type;
risk;
}
application-group group-name {
application-groups application-group-name;
applications application-name;
}
application-system-cache-timeout value;
download (Services) {
automatic {
interval hours;
start-time MM-DD.hh:mm;
}
url url;
}
enable-cdn-application-detection
enable-performance-mode max-packet-threshold number;
global-offload-byte-limit byte-limit-number;
imap-cache-size number;
imap-cache-timeout number;
inspection-limit {
tcp {
byte-limit byte-limit-number;
packet-limit packet-limit-number;
}
udp {
byte-limit byte-limit-number;
packet-limit packet-limit-number;
}
}
max-memory memory-value
maximum-transactions transactions-number;
micro-apps;
no-application-identification;
no-application-system-cache;
packet-capture {
aggressive-mode;
buffer-packets-limit bytes;
capture-interval capture-interval;
capture-limit capture-limit;
global;
max-bytes bytes;
max-files max-files;
max-packets max-packets;
no-inconclusive;
storage-limit bytes;
}
statistics {
interval minutes;
}
traceoptions {
file {
filename ;
files number;
match regular-expression;
size maximum-file-size;
(world-readable | no-world-readable);
}
flag flag;
level [all | error | info | notice | verbose | warning]
no-remote-trace;
{
no-application-statistics;
}
}
}
Hierarchy Level
[edit services]
Description
Configure application identification to identify applications regardless of the application port or protocol that is used to transmit the application.
Use this option to configure various options for the application identification such as application signatures, application groups, signature package download option, enable and deactivating application system cache, application traffic throughput, micro applications, application identification inspection limit, trace options and so on to use the application identification functionality.
Once the application is determined, other AppSecure service modules are configured to monitor and control traffic for tracking, prioritization, access control, detection, and prevention based on the application ID of the traffic.
Options
| application application-name | Configure application definition. You can create custom application signatures by specifying a name, protocol, port where the application runs, and match criteria. |
||||||||
| application-group group-name | Configure a custom application group for application identification. |
||||||||
| application-system-cache-timeout value | Specify the timeout value in seconds for the application system cache (ASC) entries. |
||||||||
| download | Configure automatic download for the application identification services application package. |
||||||||
| enable-cdn-application-detection | Enable application identification (AppID) to classify a web application hosted on a content delivery network (CDN). |
||||||||
| enable-performance-mode max-packet-threshold number | Set the deep packet inspection (DPI) in performance mode for application identification. |
||||||||
| global-offload-byte-limit byte-limit-number | Specify the maximum number of byte limit before concluding the classification for identifying an application. Note:
The byte limit excludes the IP header and the TCP/UDP header lengths.
|
||||||||
| imap-cache-size number | Configure to limit the maximum number of entries in the IMAP cache. |
||||||||
| imap-cache-timeout time-period | Specify the timeout value for the entries in the IMAP cache cache. |
||||||||
| inspection-limit | Specify the maximum number of byte limit before concluding the classification for identifying an application in TCP and UDP sessions. Note:
The byte limit excludes the IP header and the TCP/UDP header lengths.
|
||||||||
| max-memory value | Specify maximum memory limit for the deep packet inspection (DPI).
|
||||||||
| micro-apps | Enable micro-application detection with application identification feature. |
||||||||
| no-application-identification; | Disable the application identification of applications running on nonstandard ports. By default, application identification is enabled on the device. |
||||||||
| no-application-system-cache | Disable application system cache. ASC is enabled by default when a session is created |
||||||||
| interval interval-number; | Specify the interval, in minutes, for statistics collection. |
||||||||
| traceoptions | pecify the trace file information. |
||||||||
| no-application-statistics |
Configure this configuration statement to disable the application statistics in the AppTrack session. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 10.2.
Custom application definition option introduced in Junos OS Release 15.1X49-D40.
Risk option
introduced in Junos OS Release 19.1R1.
micro-app option introduced in Junos OS Release 19.2R1.
global-offload-byte-limit and inspection-limit options are introduced in Junos OS Release 19.4R1 and 15.1X49-D200.
Configuration statement no-application-statistics is added in Junos
OS Release 21.1R1.