A custom application is created, and the security policy matching this application has session logging enabled, but the session log does not show the custom application name. This article explains why this behavior is expected. It is a display issue only and does not affect session flow.
A custom application is created as follows:
[edit]
root@srx# show applications
application custom-http {
    protocol tcp;
    destination-port 80;
    inactivity-timeout never;
}
A security policy is also configured to match this application:
root@srx# show security policies from-zone CLIENTS to-zone INTERNET
policy web-allow {
    match {
        source-address any;
        destination-address any;
        application custom-http;
    }
    then {
        permit;
        log {
            session-init;
            session-close;
        }
    }
}
Traffic hits the policy and a session log is generated, as seen below:
Jul 4 15:17:58 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 192.168.1.2/8382->192.168.19.24/20480 junos-http 192.155.1.22/37156->192.168.19.24/20480 clients_nat None 6 web-allow CLIENTS INTERNET 3553 N/A(N/A) ge-0/0/0 UNKNOWN UNKNOWN UNKNOWN
However, the default junos-http application name is displayed instead of the configured custom-http application name. If an application is created with a non-well-known port, such as:
application custom-app {
    protocol udp;
    destination-port 14500;
    inactivity-timeout 800;
}
then, instead of displaying the configured custom-app name, the session log only displays "None".
In the current design of Junos OS, the custom application name is not pushed to the Packet Forwarding Engine (PFE), so the event logs generated by the PFE cannot include it; only the default application name (or "None" when no default application matches) is displayed. This is a display issue only and does not affect session flow.
This behavior is by design. No change to this design is currently anticipated.
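Because the policy name field in the log is correct even when the application field is not, the custom application name can be recovered at log-ingestion time. The following Python script is an added example and is not part of the Juniper article: it parses RT_FLOW_SESSION_CREATE lines in the field layout of the sample above and maps the logged policy name, IP protocol number and destination port back to the configured custom application. The application and policy tables, the udp-allow policy, the PROTO_NUM mapping and the log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed tables mirroring the article's configuration (hypothetical):
# application name -> (protocol, destination port)
APPLICATIONS = {
    "custom-http": ("tcp", 80),
    "custom-app": ("udp", 14500),
}
# policy name -> applications it matches; udp-allow is a hypothetical policy
# added so the UDP case from the article has a policy to resolve against
POLICIES = {
    "web-allow": ["custom-http"],
    "udp-allow": ["custom-app"],
}
PROTO_NUM = {"tcp": 6, "udp": 17}

# Constructed log lines in the field layout of the article's sample.
SAMPLE_LOGS = [
    "Jul 4 15:17:58 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "192.168.1.2/48672->192.168.19.24/80 junos-http "
    "192.155.1.22/37156->192.168.19.24/80 clients_nat None 6 web-allow "
    "CLIENTS INTERNET 3553 N/A(N/A) ge-0/0/0 UNKNOWN UNKNOWN UNKNOWN",
    "Jul 4 15:18:02 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
    "192.168.1.2/51000->192.168.19.30/14500 None "
    "192.155.1.22/51000->192.168.19.30/14500 clients_nat None 17 udp-allow "
    "CLIENTS INTERNET 3554 N/A(N/A) ge-0/0/0 UNKNOWN UNKNOWN UNKNOWN",
    "Jul 4 15:18:05 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: ...",
]


@dataclass
class Session:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    logged_app: str   # application name the PFE wrote into the log
    protocol: int     # IP protocol number (6 = TCP, 17 = UDP)
    policy: str       # policy name, which the PFE does log correctly
    from_zone: str
    to_zone: str


_CREATE_RE = re.compile(r"RT_FLOW_SESSION_CREATE: session created (?P<fields>.+)$")


def parse_session_create(line: str) -> Optional[Session]:
    """Parse one RT_FLOW_SESSION_CREATE line; return None for other events."""
    m = _CREATE_RE.search(line)
    if not m:
        return None
    f = m.group("fields").split()
    if len(f) < 9:
        return None
    src, dst = f[0].split("->", 1)
    src_ip, src_port = src.rsplit("/", 1)
    dst_ip, dst_port = dst.rsplit("/", 1)
    return Session(src_ip, int(src_port), dst_ip, int(dst_port),
                   logged_app=f[1], protocol=int(f[5]), policy=f[6],
                   from_zone=f[7], to_zone=f[8])


def resolve_application(s: Session) -> str:
    """Map a session back to the custom application its policy matched.

    The PFE logs the default name (or "None"), but the policy name is right,
    so walk that policy's applications and pick the one whose protocol and
    destination port match. Fall back to the logged name if nothing matches.
    """
    for app in POLICIES.get(s.policy, []):
        proto, port = APPLICATIONS[app]
        if PROTO_NUM[proto] == s.protocol and port == s.dst_port:
            return app
    return s.logged_app


def enrich(lines: List[str]) -> List[dict]:
    """Return one record per SESSION_CREATE line with the resolved app name."""
    out = []
    for line in lines:
        s = parse_session_create(line)
        if s is None:
            continue  # SESSION_CLOSE and other events are skipped here
        out.append({"policy": s.policy, "logged_app": s.logged_app,
                    "resolved_app": resolve_application(s),
                    "dst": f"{s.dst_ip}:{s.dst_port}/{s.protocol}"})
    return out


if __name__ == "__main__":
    for rec in enrich(SAMPLE_LOGS):
        print(rec)
```

The lookup is keyed on policy plus protocol and port rather than on policy alone, so a policy that references several applications still resolves to the right one; when no configured application matches, the name the PFE logged is kept so nothing is silently relabelled.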