Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[IDP/SRX] Which App-ID Signature to Use that Covers All Office365 Applications

0

0

Article ID: KB33300 KB Last Updated: 08 Nov 2018Version: 1.0
Summary:

Customer requires to allow all Office365 services and deny everything else based on the signature. 

Symptoms:

Customer needs to know what App-ID signature to use that will detect any Office365 application

Solution:

The application signature junos:OFFICE365-CREATE-CONVERSATION is a grouping of the Office365 suite of applications.  When using junos:OFFICE365-CREATE-CONVERSATION, it will encompass the following signatures:

      junos:OFFICE365-OUTLOOK
    junos:OFFICE365-GET-MAIL
    junos:OFFICE365-SSL
    junos:OFFICE365-GET-CALENDAR
    junos:OFFICE365-GET-CONVERSATION
    junos:OFFICE365
    junos:OFFICE365-INSTANTMESSANGER

For more details on this application signature, you can use show services application-identification application detail junos:OFFICE365-CREATE-CONVERSATION

root@srx300> ...plication detail junos:OFFICE365-CREATE-CONVERSATION          
Application Name: junos:OFFICE365-CREATE-CONVERSATION                         
Application type: OFFICE365-CREATE-CONVERSATION                               
Description: This signature detects a new email being creating in Office365.
             Office365 is the corporate cloud based office suite. This
             signature may require SSL Forward Proxy configuration. 
Application ID: 1448    
Priority: high    
Order: 0       
Disabled: No                 
Cacheable: Yes  
Activation Date: 2013-12-13      
Last Modified: 2018-02-09      
Number of Parent Group(s): 2       
Application Groups:
    junos:web:messaging:mail                     
    junos:web:messaging:instant-messaging        
Application Tags:
    characteristic        : Can Leak Information                              
    characteristic        : Bandwidth Consumer                                
    characteristic        : Prone to Misuse                                   
    characteristic        : Supports File Transfer                            
    risk                  : 4                                                 
    subcategory           : Messaging                                         
    category              : Web                                               
Underlying consolidated Protocols/ports application is dependent on:
    Protocols:
        Protocol: junos:SSL   / 199        
        Protocol: junos:TCP   / 205        
        Protocol: junos:SPDY  / 1469       
        Protocol: junos:POSTGRESQL / 150        
        Protocol: junos:HTTPS / 68         
        Protocol: junos:HTTP  / 67         
        Protocol: junos:UDP   / 216        
        Protocol: junos:NET-PROXY / 2629       
        Protocol: junos:HTTP2 / 2553       
        Protocol: junos:HTTP-TUNNEL / 750        
        Protocol: junos:HTTP-PROXY / 2956       
        Protocol: junos:COTP  / 22         
        Protocol: junos:AKAMAI-SSL / 1284       
        Protocol: junos:MEDIAMATH / 2789       
    TCP Ports:
        Port: 443         
        Port: 80          
        Port: 3128        
        Port: 8000        
        Port: 8080        
Layer-7 Immediate Protocol(s):          
    Protocol: SSL         / 199        
    Protocol: SPDY        / 1469       
    Protocol: HTTPS       / 68         
    Protocol: HTTP2       / 2553       
    Protocol: HTTP        / 67         
    Protocol: AKAMAI-SSL  / 1284       
Alias List:
    junos:OFFICE365-OUTLOOK
    junos:OFFICE365-GET-MAIL
    junos:OFFICE365-SSL
    junos:OFFICE365-GET-CALENDAR
    junos:OFFICE365-GET-CONVERSATION
    junos:OFFICE365
    junos:OFFICE365-INSTANTMESSANGER
Application Specific Ports:
    Default ports: N/A
Signature:
    Port range: N/A
    Client-to-server
    Order: 4        

 

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search