The other great mystery of the universe: dynamic-applications ;)
I just try to do rules for internal services (DNS, NTP, AD, or other known ones) as standard rules, and then use AppFW (mostly) for connections to the Internet. Of course, if the requirement is to implement some sort of application control on the internal network, you can't avoid using AppFW or IDP.
I don't think there's any general rule or guide for this.
------------------------------
M Gi
------------------------------
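What the two recommendations above (standard rules for domain services, dynamic-application set to "none", placed above the dynamic-application policy) look like in Junos set-style configuration. This is an added example, not configuration from either poster: the zone names office-19 and office-srv and the DC1/DC2 addresses are taken from the original post, the KRB5-TCP/KRB5-UDP custom applications and the AD_STD policy name are constructed here, and the predefined application names should be checked against your release with "show configuration groups junos-defaults applications".

```junos
## Kerberos has no predefined legacy application on the poster's box,
## so define custom ones for TCP and UDP 88 (names are constructed here)
set applications application KRB5-TCP protocol tcp destination-port 88
set applications application KRB5-UDP protocol udp destination-port 88

## Layer-4 policy for the domain services that the dynamic-application
## policy was trying to cover; match on ports, not on AppID results
set security policies from-zone office-19 to-zone office-srv policy AD_STD match source-address any
set security policies from-zone office-19 to-zone office-srv policy AD_STD match destination-address DC1
set security policies from-zone office-19 to-zone office-srv policy AD_STD match destination-address DC2
set security policies from-zone office-19 to-zone office-srv policy AD_STD match application junos-ldap
set security policies from-zone office-19 to-zone office-srv policy AD_STD match application junos-ms-rpc-tcp
set security policies from-zone office-19 to-zone office-srv policy AD_STD match application junos-smb
set security policies from-zone office-19 to-zone office-srv policy AD_STD match application KRB5-TCP
set security policies from-zone office-19 to-zone office-srv policy AD_STD match application KRB5-UDP

## "none" turns this into a traditional (non-unified) policy: the session is
## permitted on the first packet and never waits for AppID to classify it
set security policies from-zone office-19 to-zone office-srv policy AD_STD match dynamic-application none
set security policies from-zone office-19 to-zone office-srv policy AD_STD then permit
set security policies from-zone office-19 to-zone office-srv policy AD_STD then log session-close

## Policies are evaluated top-down: make sure the L4 rule sits above the
## existing dynamic-application policy and the final reject rule
insert security policies from-zone office-19 to-zone office-srv policy AD_STD before policy MS_DYNAPP
```

After committing, sessions to the DCs on port 88 should show policy AD_STD in RT_FLOW_SESSION_CLOSE instead of "Closed by junos-dynapp" under policy last.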
Original Message:
Sent: 05-03-2024 05:41
From: emmett brown
Subject: SRX1500 Dynamic Application KRB5 and Windows PC's
Is there anywhere I can read about when to use simple/legacy versus "new" dynamic applications? By the way, I couldn't find any "legacy" application definitions for Kerberos :( Yes, I understand that custom applications can be added :) I'm just curious why only the UDP protocol was allowed for Kerberos.
Original Message:
Sent: 05-03-2024 05:00
From: MGi
Subject: SRX1500 Dynamic Application KRB5 and Windows PC's
Hi,
If possible, don't use dynamic-applications for service rules like this one. Just create a rule somewhere on top of the zone-context, use predefined or custom applications, and set the dynamic-application to "none".
------------------------------
M Gi
Original Message:
Sent: 05-02-2024 00:42
From: emmett brown
Subject: SRX1500 Dynamic Application KRB5 and Windows PC's
I use this policy to allow users to authenticate in the Windows domain:
policy MS_DYNAPP {
    match {
        source-address any;
        destination-address [ DC1 DC2 ];
        dynamic-application [ junos:LDAP junos:CLDAP junos:NBNS junos:MSRPC junos:SMB junos:KRB5 ];
    }
    then {
        permit;
    }
}
policy last {
    match {
        source-address any;
        destination-address any;
        application any;
        dynamic-application any;
    }
    then {
        reject;
        log {
            session-close;
        }
    }
}
But in the log I see that the traffic to port 88 is still blocked:
May 2 07:26:59 myfw RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed Closed by junos-dynapp: 172.19.19.4/50000->172.16.105.4/88 0x0 None 172.19.19.4/50000->172.16.105.4/88 0x0 N/A N/A N/A N/A 6 last office-19 office-srv 64425124357 3(367) 1(52) 1 KRB5 UNKNOWN N/A(N/A) xe-0/0/19.19 No Infrastructure Encryption 1 Known Vulnerabilities; NA 0 0.0.0.0/0->0.0.0.0/0 NA NA N/A N/A Off root 0 N/A N/A
May 2 07:27:00 myfw RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed Closed by junos-dynapp: 172.19.19.4/50080->172.16.105.4/88 0x0 None 172.19.19.4/50080->172.16.105.4/88 0x0 N/A N/A N/A N/A 6 last office-19 office-srv 64425105881 3(367) 1(52) 2 KRB5 UNKNOWN N/A(N/A) xe-0/0/19.19 No Infrastructure Encryption 1 Known Vulnerabilities; NA 0 0.0.0.0/0->0.0.0.0/0 NA NA N/A N/A Off root 0 N/A N/A
May 2 07:27:00 myfw RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed Closed by junos-dynapp: 172.19.19.4/50093->172.16.105.4/88 0x0 None 172.19.19.4/50093->172.16.105.4/88 0x0 N/A N/A N/A N/A 6 last office-19 office-srv 64425115425 3(367) 1(52) 2 KRB5 UNKNOWN N/A(N/A) xe-0/0/19.19 No Infrastructure Encryption 1 Known Vulnerabilities; NA 0 0.0.0.0/0->0.0.0.0/0 NA NA N/A N/A Off root 0 N/A N/A
May 2 07:27:00 myfw RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed Closed by junos-dynapp: 172.19.19.4/50108->172.16.105.4/88 0x0 None 172.19.19.4/50108->172.16.105.4/88 0x0 N/A N/A N/A N/A 6 last office-19 office-srv 64425104590 3(367) 1(52) 2 KRB5 UNKNOWN N/A(N/A) xe-0/0/19.19 No Infrastructure Encryption 1 Known Vulnerabilities; NA 0 0.0.0.0/0->0.0.0.0/0 NA NA N/A N/A Off root 0 N/A N/A
Why is this happening? Did I miss something?