SRX

Expand all | Collapse all

details/settings for predefined "junos-" applications

Jump to Best Answer
  • 1.  details/settings for predefined "junos-" applications

    Posted 02-17-2010 13:04

    Is there some way (or some place) I can get details on the pre-defined applications that exist within JunOS?  ie, all the applications that are predefined and prefixed w/ "junos" (junos-ping, junos-ssh, junos-sip, etc).  I would like to see the actual src/dst ports, timeouts, RPC info where appropriate, etc.

     

    I found a spot in the 10.0 JunOS documentation that said there was a "show applications" command, but that doesn't seem to exist (at least not on 10.1R1.8 on SRX100 or 9.6R1.13 on a 240...)

     

    Any pointers appreciated, thanks!



  • 2.  RE: details/settings for predefined "junos-" applications
    Best Answer

    Posted 02-17-2010 13:44

    Hello,

    There is such a way indeed

     

     

    root> show configuration groups junos-defaults applications              
    #
    # File Transfer Protocol 
    #
    application junos-ftp {
        application-protocol ftp;
        protocol tcp;
        destination-port 21;
    }
    #
    # Trivial File Transfer Protocol 
    #
    application junos-tftp {
        application-protocol tftp;
        protocol udp;
        destination-port 69;
    }
    #
    # Real Time Streaming Protocol 
    #       
    application junos-rtsp {
        application-protocol rtsp;
        protocol tcp;
        destination-port 554;
    }                   
    #
    # Network Basic Input Output System  - networking protocol used on
    # Windows networks   session service port
    #
    application junos-netbios-session {
        protocol tcp;
        destination-port 139;
    }
    application junos-ssh {
        protocol tcp;
        destination-port 22;
    }
    application junos-telnet {
        protocol tcp;
        destination-port 23;
    }
    application junos-smtp {
        protocol tcp;
        destination-port 25;
    }
    <<long printout follows, omitted here for brevity>>

     

    Regarding the timeouts

     

     

    For single application entries, an application timeout lookup proceeds as follows:
    
    -The specified timeout in the application entry database, if set.
    -The default timeout in the application entry database, if specified in the predefined application.
    -The protocol-based default timeout table. 

     

     

    http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-41683.html

     

    Rgds

    Alex

     



  • 3.  RE: details/settings for predefined "junos-" applications

    Posted 02-17-2010 13:48

    Perfect, thank you!

     

    Looks like lots of other good stuff under group junos-defaults as well.

     

    Best regards!



  • 4.  RE: details/settings for predefined "junos-" applications

    Posted 03-18-2010 11:33

    is there a way to modify default protocol timeout or somehow make SRX to use separate timeout for management connections (telnet/ssh) to self ?

     

    Here is why I'm asking:

     

    http://forums.juniper.net/t5/SRX-Services-Gateway/what-is-the-proper-way-to-setup-cli-timeout-on-SRX/td-p/37175



  • 5.  RE: details/settings for predefined "junos-" applications

    Posted 03-23-2015 11:15

    You have to define a new application. If you try to override the default junos-ssh settings you're going to have a bad time. My experience with that was a inactivity-timeout of about half of the setting I configured. JTAC said that wasn't a supported configuration, and the proper way is to do something like below:

     

    set applications application my-ssh protocol tcp
    set applications application my-ssh destination-port 22
    set applications application my-ssh inactivity-timeout 86400

     

    set security policies from-zone trust to-zone untrust policy ssh match application my-ssh
    set security policies from-zone untrust to-zone trust policy ssh match application my-ssh