- play_arrow Juniper Web Device Manager
- play_arrow Getting Started
-
- play_arrow Add SRX Series Firewall to Security Director Cloud
- play_arrow Dashboard
- play_arrow J-Web Dashboard
-
- play_arrow Monitor
- play_arrow Network
- play_arrow Logs
- play_arrow Maps and Charts
- play_arrow Statistics
- play_arrow Reports
-
- play_arrow Device Administration
- play_arrow Basic Settings
- play_arrow Cluster Management
- play_arrow User & Roles
- play_arrow Multi Tenancy—Resource Profiles
- play_arrow Multi Tenancy—Interconnect Ports
- play_arrow Multi Tenancy—Logical Systems
- play_arrow Multi Tenancy—Tenants
- play_arrow Certificate Management—Device Certificates
- play_arrow Certificate Management—Trusted Certificate Authority
- About the Trusted Certificate Authority Page
- Generate Default Trusted Certificate Authorities
- Enroll a CA Certificate
- Import a CA Certificate
- Add a Certificate Authority Profile
- Edit a Certificate Authority Profile
- Delete a Certificate Authority Profile
- Search Text in the Trusted Certificate Authority Table
- play_arrow Certificate Management—Certificate Authority Group
- play_arrow License Management
- play_arrow Security Package Management
- play_arrow ATP Management
- play_arrow Operations
- play_arrow Software Management
- play_arrow Configuration Management
- play_arrow Alarm Management
- play_arrow RPM
- play_arrow Tools
- play_arrow Reset Configuration
-
- play_arrow Network
- play_arrow Connectivity—Interfaces
- play_arrow Connectivity—VLAN
- play_arrow Connectivity—Link Aggregation
- play_arrow Connectivity—Wireless LAN
- play_arrow DHCP Client
- play_arrow DHCP Server
- play_arrow Firewall Filters—IPv4
- play_arrow Firewall Filters—IPv6
- play_arrow Firewall Filters—Assign to Interfaces
- play_arrow NAT Policies
- play_arrow NAT Pools
- play_arrow Destination NAT
- play_arrow Static NAT
- play_arrow NAT Proxy ARP/ND
- play_arrow Static Routing
- play_arrow RIP Routing
- play_arrow OSPF Routing
- play_arrow BGP Routing
- play_arrow Routing Instances
- play_arrow Routing—Policies
- play_arrow Routing—Forwarding Mode
- play_arrow CoS—Value Aliases
- play_arrow CoS—Forwarding Classes
- play_arrow CoS Classifiers
- play_arrow CoS—Rewrite Rules
- play_arrow CoS—Schedulers
- play_arrow CoS—Scheduler Maps
- play_arrow CoS—Drop Profile
- play_arrow CoS—Virtual Channel Groups
- play_arrow CoS—Assign To Interface
- play_arrow Application QoS
- play_arrow IPsec VPN
- play_arrow Manual Key VPN
- play_arrow Dynamic VPN
-
- play_arrow Security Services
- play_arrow Content Security Default Configuration
- play_arrow Content Security Antivirus Profiles
- play_arrow Content Security Web Filtering Profiles
- play_arrow Content Security Antispam Profiles
- play_arrow Content Security Content Filtering Profiles
- play_arrow Content Security Custom Objects
- play_arrow Content Security Policies
- play_arrow IPS Policies
- play_arrow IPS Signatures
- play_arrow IPS Sensor
- play_arrow ALG
- play_arrow Metadata Streaming Profile
- play_arrow ATP Anti-malware
- play_arrow ATP SecIntel Profiles
- About the SecIntel Profiles Page
- Configure DNS Sinkhole
- Create a Command and Control Profile
- Edit a Command and Control Profile
- Delete a Command and Control Profile
- Create a DNS Profile
- Edit a DNS Profile
- Delete a DNS Profile
- Create an Infected Hosts Profile
- Edit an Infected Hosts Profile
- Delete an Infected Hosts Profile
- play_arrow ATP SecIntel Profile Groups
- play_arrow SSL Initiation Profiles
- play_arrow SSL Proxy Profiles
- play_arrow Firewall Authentication—Access Profile
- play_arrow Firewall Authentication—Address Pools
- play_arrow Firewall Authentication Settings
- play_arrow Firewall Authentication—UAC Settings
- play_arrow Firewall Authentication—Active Directory
- play_arrow Firewall Authentication—Local Authentication
- play_arrow Firewall Authentication—Authentication Priority
- play_arrow Firewall Authentication—JIMS
- play_arrow ICAP Redirect
-
Global Settings
You are here: Security Policies & Objects > Dynamic Applications.
To add global settings:
Field | Action |
|---|---|
| General | |
Custom Application Byte Limit | Select the byte limit in the range 0 through 10000. This helps in understanding when to stop the identification of custom applications. |
Micro Applications | Enable micro-application detection in application identification and then use them as matching criteria in a security policy. |
| Application
System Cache Enable or disable storing of AI result in application cache, configure ASC security services, configure miscellaneous services such as ABPR, or set the cache entry timeout. | |
Application Cache | Enable this option to save the mapping between an application type and the corresponding destination IP address, destination port, protocol type, and service. |
Security Services | Enable this option for security services, such as security policies, application firewall (AppFW), Juniper ATP Cloud, IDP, and Content Security. |
Miscellaneous Services | Enable this option for miscellaneous services, such as APBR and AppTrack. |
Cache entry timeout | Enter the timeout value in seconds for the application system cache (ASC) entries. Range: 0 through 1000000 seconds. Default is 3600 seconds. |
| Packet Capture | |
Global packet capture | Enable packet capture globally to capture all unknown application traffic. You can also enable this option specific to a security policy at the rule level. For more information, see Add a Rule to a Security Policy. |
Aggressive mode | Enable to capture all traffic before AppID classifies the applications. In this mode, the system captures all application traffic regardless of the application system cache (ASC) entry. Packet capture starts for the first packet of the first session. |
Exclude inconclusive traffic | Disable packet capture of inconclusive traffic. This option is available when you enable the Aggressive mode option. This option disables the packet capture for the following sessions:
If you do not configure this option, by default, the system captures packets for inconclusive sessions. |
| Advanced | |
Maximum packets | Maximum number of UDP packets per session. Range: 1 through 1000. Default is 10 packets. |
Maximum bytes | Maximum number of TCP bytes per session. For TCP sessions, the count includes the actual payload data length and excludes IP/TCP headers for the maximum bytes limit. Range: 40 through 1,073,741,824. Default is 6000 bytes. |
Maximum files | Maximum number of unique packet capture files to create before the oldest file is overwritten by a new file created. Range: 1 through 2500. Default is 100. |
Maximum storage | Maximum disk space (bytes) that can be used in the Routing Engine for packet capture files. Range: 1 through 4096 MB. Default is 50 MB. |
Maximum memory | Maximum memory limit for deep packet inspection (DPI). Range: 1 KB through maximum bytes (depending on the available space on the device). |
Packet capture interval | Timeout value in minutes to avoid repetitive capture of same traffic. After this interval, the system continues to capture newer packet details for unknown applications until the capture limit is reached. Range: 1 through 525,600 minutes. Default is 1440 minutes (24 hours). |
Repeat traffic capture | Number of repetitive captures of same traffic. Use this option to limit the number of times the same traffic can be repeatedly captured before the cache entry times out. Range: 1 through 1000. Default is 5. |
