Add Application Signatures

date_range 20-Sep-22

arrow_backward

arrow_forward

You are here: Security Policies & Objects > Dynamic Applications.

To add an application signature:

Click Create > Signature on the upper-right corner of the Dynamic Applications page.
The Create Application Signatures page appears.
Complete the configuration according to the guidelines provided in Table 1.
Click OK to save the changes. If you want to discard your changes, click Cancel.

Table 1: Fields on the Add Application Signatures Page
Field	Action
Name	Enter the application signature name.
Description	Enter the application signature description.
Order	Enter the order of the custom application. Lower order has higher priority. The range is 1 through 50,000.
Priority	Enter the priority over other signature applications. Select an option from the list: High Low By default, the priority for the custom application is set to Low. This allows a predefined application to take precedence. If you want to override a predefined application, you must set the priority to High.
Risk	Enter the risk as critical, high, moderate, low, or unsafe.
Application Identification match criteria	Select one or more options from the list: ICMP Mapping IP Protocol Mapping Address Mapping L7 Signature
ICMP Mapping	Select a value from the list. ICMP Type—Select the numeric value of an ICMP type. The type identifies the ICMP message, such as Unassigned or Destination Unreachable. The range is from 0 through 254. Select the numeric value of an ICMP code. The code field provides further information (such as RFCs) about the associated type field. The range is from 0 through 254.
IP Protocol Mapping	Select the numeric value of an ICMP type. The type identifies the ICMP message, such as Unassigned or Destination Unreachable. The range is from 0 through 254.
Address Mapping	To add a new address mapping: Click Add. The Add Address Mapping page appears. Enter the following details: Name—Enter the name of the address mapping. IP Address—Enter an IPv4 or IPv6 address. CIDR Range—Enter an IPv4 or IPV6 address prefix for classless IP addressing. TCP Port range—Enter the TCP port range for the application. UDP Port Range—Enter the UDP port range for the application. Click the pencil icon at the upper-right corner of the Address Mapping table. Then, edit the address mapping and click OK. To delete an existing Address Mapping, select it and click the delete icon or right-click on it and click Delete.
L7 Signature
Cacheable	Set this option to True only when L7 signatures are configured in a custom signature. This option is not supported for address-based, IP protocol-based, and ICMP-based custom application signatures.
Add L7 Signature	Click Add L7 Signature list and select an option from the following: Over HTTP Over SSL Over TCP Over UDP The Add Signature page appears.
Add Signature
Over Protocol	Displays the signature that matches the application protocol. Example: HTTP
Signature Name	Enter a unique name that is a string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 63 characters.
Port Range	Enter the port range for the application. Range is 0-65535.
Add Members Custom signatures can contain multiple members that define attributes of an application. The supported member name range is m01 through m15.
+	Click + to create a member.
Context (Over HTTP)	Select the service-specific context from the following list: http-get-url-parsed-param-parsed http-header-content-type http-header-cookie http-header-host http-header-user-agent http-post-url-parsed-param-parsed http-post-variable-parsed http-url-parsed http-url-parsed-param-parsed
Context (Over SSL)	Select the service-specific context as ssl-server-name.
Context (Over TCP)	Select the service-specific context as stream.
Context (Over UDP)	Select the service-specific context as stream.
Direction	Select the direction of the packet flow to match the signature: any—The direction of the packet flow can either be from the client-side to the server-side or from the server-side to the client-side. client-to-server—The direction of packet flow is from the client-side to the server-side. server-to-client—The direction of packet flow is from the server-side to the client-side.
Depth	Enter the maximum number of bytes to check for context match. Use the byte limit for AppID to identify custom application pattern for applications running over TCP or UDP or Layer 7 applications. Range is 1 through 8000. The Depth is set to 1000 by default, if not explicitly configured. Note: Starting in Junos OS Release 20.2R1, Depth option is supported.
Pattern	Enter the deterministic finite automaton (DFA) pattern matched the context. The DFA pattern specifies the pattern to be matched for the signature. The maximum length is 128.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release

Description

20.2R1

Starting in Junos OS Release 20.2R1, Depth option is supported.

arrow_backward PREVIOUS Global Settings

NEXT arrow_forward Clone Application Signatures

J-Web User Guide for SRX Series Firewalls

Add Application Signatures

Related Documentation

Change History Table