Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

What is the difference between Application None, Application appname, and Application Ignore in a policy?

0

0

Article ID: KB14179 KB Last Updated: 14 May 2013Version: 2.0
Summary:
What is the difference between Application None, Application <appname>, and Application Ignore in a policy?
Symptoms:
When creating a policy in the WebUI, the 'Application' pull-down allows several applications, as well as None or IGNORE.  What do they mean?


Solution:
Application None:
This is the default setting in a policy and allows the incoming traffic that matches the policy to invoke any active ALG (Application Layer Gateway) that matches the destination port number in the packet. 
For additional information, refer to KB7876 - What is the Policy keyword "Application NONE".

Application <appname>:
This allows the configuration of a specific ALG application to be invoked when incoming traffic matches the policy.  It is used when you have a custom service and want a firewall ALG to be applied for that custom service. 
For an example, refer to KB7096 - Configure FTP with Custom Control Port (Other than 20) as an example.

Application Ignore:
This allows the traffic that matches the policy to by-pass any application that would otherwise be matched based on destination port.  An example of this is a policy that specifies a custom service with a destination port of 2000.  Since this is the default port for SCCP it would ordinarily trigger that ALG, but if Application Ignore has been specified in the policy, the SCCP ALG will be ignored and the traffic will be allowed through using that destination port. 
For additional information, refer to KB13509 - Viewing list of ALGs and disabling an ALG differs on ScreenOS versions.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search