Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Mist AI SD-WAN Juniper Mist WAN Assurance Configuration Guide WAN Configuration for Session Smart Routers

Juniper Mist WAN Assurance Configuration Guide

keyboard_arrow_up
close
keyboard_arrow_left
Juniper Mist WAN Assurance Configuration Guide
Table of Contents Expand all
list Table of Contents

Configure Applications for Session Smart Routers

date_range 28-Jan-25
arrow_backward
arrow_forward

Applications represent traffic destinations. On the Juniper® Session Smart™ Router, applications create services in the background for SVR. Applications can be ports, protocols, prefixes, custom domains, or app names from the built-in AppID library.

Applications are the services or apps that your network users will connect to in a Juniper Mist WAN Assurance design. You can define these applications manually in the Juniper Mist™ cloud portal. You define applications by selecting the category (such as Social Media) or selecting individual applications (such as Microsoft Teams) from a list. Another option is to use the predefined list of common traffic types. You can also create a custom application to describe anything that is not otherwise available.

For users to access applications, you must first define the applications and then use application policies to permit or deny access. That is, you associate these applications with users and networks and then assign a traffic-steering policy and access rule (allow or deny).

Configure Applications

To configure applications:

  1. In the Juniper Mist portal, click Organization > WAN> Applications.
    A list of existing applications, if any, appears.
  2. Click the Add Applications button in the upper right corner.

    The Add Application window appears.

    Table 1 summarizes the options you can set in an application configuration.
    Tip: When working on configuration screens, look for the VAR indicators. Fields with this indicator allow site variables.

    The fields with this label also display the matching variables (if configured) as you start typing a specific variable in it. This field lists variables from all sites within the organization.

    The organization-wide list of variables can be viewed using GET /api/v1/orgs/:org_id/vars/search?var=*. This list is populated as variables are added under site settings.

    Table 1: Applications Options
    Fields Description
    Name Enter a unique name for the application. You can use upto 32 characters for naming the application including alphanumerics, underscores, and dashes.
    Description Enter a description of the application and context.
    Type Enter the application type:
    IP Address (For custom applications) Enter the network IP address, including prefix (if any) of the application.
    Domain Name

    Enter the domain name of the application. The domain name is used in cloud breakout profiles to generate the fully qualified domain name (FQDN). The cloud security providers use the FQDN to identify the IPsec tunnels.

    For example, juniper.example.com.

    Protocol and Port Ranges (For custom applications) Enter details about protocols, protocol numbers, and port ranges (start and end ports) that the application is using.
    Note:

    Click the blue Add (+) icon to select multiple protocols.

    Advanced Settings Configure the optional advanced traffic type settings that includes:
    • Traffic type—Select the type of traffic (example: voice, video, data). The portal provides a list of predefined traffic type. When you select any of the defined traffic types such as gaming or video streaming, all the below parameters will be selected automatically. If you select Custom, you can configure the following values:
    • Failover policy (Session Smart Routers only)—Revertible or Non-revertible.
      • Revertible: Traffic automatic switches back to the primary link when the primary link recovers.
      • Non-Revertible: Requires manual intervention to revert to the primary link. When traffic switches to the secondary link due to primary link failure, it does not automatically revert back to the primary link.
      • None: Disable session failover. If the primary link on your device fails to meet the Service Level Agreement (SLA), existing sessions remain on the primary link, while new sessions will be redirected to the secondary link. When the primary link recovers and meets the SLA, existing sessions on the secondary link will continue, and any new sessions will start on the primary link. This behavior remains consistent even if the entire link goes down.
    • Traffic class—Best effort, High,Medium, and Low.
      • Best Effort: No special treatment, suitable for non-critical data.
      • Medium: Prioritized over Best Effort, used for non-latency-sensitive applications.
      • High: Critical applications with low latency requirements.
      • Low: Background or non-urgent traffic
      .
    • DSCP class—DSCP Class in the range 0-63. When you select a traffic class (Best Effort, High, Medium, or Low), the applicable default DSCP Class value is displayed as a help text. You can choose to override it. By configuring DSCP classes, you can map specific traffic types to appropriate QoS levels.
    • Maximum latency—Maximum latency in the range 0-4294967295. Setting a maximum latency threshold ensures that SD-WAN avoids links with excessive delay
    • Maximum jitter—Maximum jitter in the range 0-4294967295. By specifying a maximum jitter threshold, SD-WAN selects stable links to maintain predictable performance
    • Maximum loss—Maximum loss in the range 0-100. Configuring a maximum loss threshold helps SD-WAN avoid links with high packet loss rates.
  3. Complete the configuration as per details provided in Configure Applications with Custom Applications to configure applications with custom applications.
    If you want to create applications using predefined applications or URL categories, see the following sections:

Configure Applications with Custom Applications

Juniper Mist cloud enables you to define your own custom applications with destination IP addresses or domain names.

When defining custom applications, you can:

  • Use multiple destination IP addresses or domain names separated by a comma to define a single application.

  • Select a protocol (any, TCP, UDP, ICMP, GRE, or custom) and port range to narrow down your selection. This option enables the system to identify the destination at a granular level.

  • Define a prefix of 0.0.0.0/0 with protocol “any” . A prefix of 0.0.0.0/0 with protocol “any”, is resolved to any host within the Juniper Mist WAN Assurance policy.

To define custom applications:

  1. In the Juniper Mist cloud portal, under the Add Application pane, select the Type as Custom Apps.
  2. Create a custom application using IP prefixes. Refer to the details in Table 2. Use IP prefixes when configuring applications. Ensure that you keep the configuration separate for applications and application identification (which might be required at a later stage).
    Table 2: Custom Application Configuration
    Custom Application IP Address Description
    ANY 0.0.0.0/0

    A wild card IP address. The IP address 0.0.0.0 also serves as a placeholder address.

    SPOKE-LAN1 10.0.0.0/8 A match criterion for all IP addresses inside the corporate VPN.
    HUB1-LAN1 10.66.66.0/24

    A match criterion for all IP addresses attached at the LAN-interface of the Hub1 device.

    HUB2-LAN1 10.55.55.0/24

    A match criterion for all IP addresses attached at the LAN interface of the Hub2 device.

    Tip:

    The Juniper Mist cloud portal assigns an IP address directly or indirectly to all LAN interfaces of hubs and spokes. In the beginning, you may use only few IP prefixes such as 10.77.77.0/24 + 10.88.88.0/24 + 10.99.99.0/24. You might want to create a custom application for these addresses only. But at a later stage, you might have many more interfaces. So, as a good practice, create applications with a wildcard match criteria IP prefix (such as 10.0.0.8). A wildcard match allows easy extensions without a need to change the ruleset in your environment.

  3. Click Save. The Applications page displays the list of all applications you created.

Configure Applications with Predefined Applications

Juniper Mist cloud provides a list of known applications that you can use to define an Application.

To configure predefined applications:

  1. In the Mist portal, in the Add Application pane, select the Type as Apps.
  2. Click the Add (+) icon to display the list of available predefined applications.
    Figure 1: Predefined Applications Predefined Applications
    Applications that are specific to only SSRs are marked as 'SSR Only'.
  3. Select one or more applications from the drop-down menu.
  4. Click Add to save your changes.

Configure Applications with URL Categories

Juniper Mist cloud provides a list of URL categories based on types (example: shopping, sports) and grouped by severity (all, standard, strict). You can use the URL categories to define an application. URL categories offer granular filtering for application creation. You can select a single or multiple URL categories for an application.

To define URL categories:

  1. In the Mist portal, in the Add Application pane, select the Type as URL Categories.
  2. Click the Add (+) icon to display the list of available URL categories
    Figure 2: URL Categories URL Categories
  3. Select one or more URL category groups or URL categories.
  4. Click Add to save your changes.

Configure Applications with Custom URLs

Juniper Mist allows you to create custom URL-based applications. With custom URLs, you can create a wildcard domains list, which can be used to permit or block traffic.

To define custom URLs:

  1. In the Mist portal, in the Add Application pane, select the Type as Custom URLs.
  2. Enter the custom URLs. Use a comma separator if you need to specify multiple URLs.

    Mist supports only the asterisk( * ) wildcard pattern. You can specify up to 15 URL patterns for an application. You can view the supported patterns by hovering the mouse over the tooltip icon. Note that you can use the https://abc.com pattern only for SRX Series devices.

    Figure 3: Custom URLs Custom URLs
  3. Click Add to save your changes.
    Note:

    You can also edit an existing application to include custom URL patterns.

See Also

arrow_backward PREVIOUS Configure Networks for Session Smart Routers
NEXT arrow_forward Configure Application Policies on Session Smart Routers
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
Configure Applications for Session Smart Routers
keyboard_arrow_right
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top

keyboard_arrow_down
file_download
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
language