Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

AppID Major Update

0

0

Article ID: TSB16704 TECHNICAL_BULLETINS Last Updated: 15 May 2015Version: 2.0
Alert Type:
PSN - Product Support Notification
Product Affected:
Juniper SRX - Application Identification on version 12.1X47 or greater.
Alert Description:
Starting in Junos 12.1X47D10 the SRX uses a second generation application identification engine which greatly improves the application identification capabilities on the SRX. On May 14th 2015, we will be providing a major update to our AppID engine which further improves accuracy, and adds an additional 270 new applications. This major AppID update will be released in signature pack 2495.

As part of the standard development cycle, Juniper has done extensive quality assurance and scalability testing and has detected a small performance degradation in lab testing scenarios of 5-10% in some of the test cases.
We believe this is unlikely to affect actual customer deployments, and is a result of the addition of new inspection techniques and the 270 new applications detected.
Solution:
This update does not require any downtime or manual customer intervention (if automatic updates are configured), as it can be seamlessly installed as part of standard update process documented here:

http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/services-application-identification-application-package-understanding.html

If you believe that this update has created a performance or stability concern, you can easily roll the system back to a previous signature pack (2493 or earlier) and contact JTAC.


Steps to Rollback:

1. Download the previous signature/detector pack with the following command:
       a. “request services application-identification download version 2493”
2. Install the package with the following command:
       a. “request services application-identification install”
3. Optionally, if automatic download/installation is enabled, you can disable that during troubleshooting by entering the configuration mode and disabling automatic AppID/IPS downloads:
       a. “edit”
       b. “deactivate services application-identification download”
       c. “deactivate security idp security-package”
       d. commit
Implementation:

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search