
[SRX] Understanding 'application-system-cache' output in SRX firewalls.


Article ID: KB31091 KB Last Updated: 17 Aug 2016Version: 1.0
Summary:

This article explains the output of the 'show services application-identification application-system-cache' command on the SRX CLI.

Symptoms:

How to use the command, 'show services application-identification application-system-cache'.

Solution:

According to the AppSecure Services Feature Guide for Security Devices, "Application system cache (ASC) saves the mapping between an application type and the corresponding destination IP address, destination port, protocol type, and service. By default, the ASC saves the mapping information for 3600 seconds. However, you can configure the cache timeout value by using the CLI."

The application-to-port mappings are saved in the ASC, which is implemented as a hash table. Ideally, a mapping learned by one SPU would be visible to all other SPUs immediately via the CP (central point). Because that propagation takes time, both a central ASC and a local ASC (one per SPU) are maintained, which improves the chance of a cache match.

labroot@SRX240> show services application-identification application-system-cache
Application System Cache Configurations:
application-cache: on
nested-application-cache: on
cache-unknown-result: on
cache-entry-timeout: 3600 seconds
pic: 0/0
Logical system name: 0
IP address: 66.235.148.128 Port: 443 Protocol: TCP
Application: SSL Encrypted: Yes
Classification Path: IP:TCP:SSL

Logical system name: 0
IP address: 54.231.73.2 Port: 443 Protocol: TCP
Application: SSL:AMAZON_AWS Encrypted: Yes
Classification Path: IP:TCP:SSL:AMAZON_AWS

Logical system name: 0
IP address: 216.58.201.163 Port: 443 Protocol: UDP
Application: UNSPECIFIED-ENCRYPTED Encrypted: Yes
Classification Path: IP:UDP:UNSPECIFIED-ENCRYPTED

Logical system name: 0
IP address: 54.231.73.51 Port: 443 Protocol: TCP
Application: SSL:AMAZON_AWS Encrypted: Yes
Classification Path: IP:TCP:SSL:AMAZON_AWS

Logical system name: 0
IP address: 54.174.192.202 Port: 80 Protocol: TCP
Application: HTTP Encrypted: No
Classification Path: IP:TCP:HTTP

The output above shows the logical system where the application detected the traffic, the IP address from where the traffic was initiated, the protocol details, and the application signature that matched at that time. Once an application is identified, its information is saved in the ASC so that only one matching entry is required for an application running on a particular system, thereby expediting the identification process.

The AppSecure Services Feature Guide for Security Devices explains that, "to minimize the impact on performance, application system cache is refreshed only when Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) traffic triggers a cache lookup. Without a cache lookup, the entries in the ASC remain unchanged even after cache timeout."
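The refresh rule quoted above has a practical consequence: the listing can contain mappings older than cache-entry-timeout, because expiry is only evaluated when a lookup hits the entry. The following added example (a simplified model written for this article, not Juniper's implementation) reproduces that lazy-expiry behaviour so the effect can be reasoned about: an entry learned at time 0 is still listed at time 5000 if nothing looked it up, and the next TCP/UDP lookup is what discards and re-learns it. The class, key layout and timestamps are assumptions of the model.

```python
"""Model of lazy ASC expiry: entries are only re-evaluated on a lookup.

Added example, not Juniper code. Keys are (destination_ip, port, protocol) and
times are plain seconds so the timeout maths is easy to follow.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Key = Tuple[str, int, str]


@dataclass
class CachedApp:
    application: str
    cached_at: float  # seconds at which the mapping was learned


class LazyAppCache:
    def __init__(self, timeout_seconds: float = 3600):
        self.timeout = timeout_seconds
        self.entries: Dict[Key, CachedApp] = {}

    def learn(self, key: Key, application: str, now: float) -> None:
        """Store (or overwrite) a mapping, stamping it with the learning time."""
        self.entries[key] = CachedApp(application, now)

    def lookup(self, key: Key, now: float, identify: Callable[[], str]) -> Tuple[str, str]:
        """Resolve a flow. Only here is the timeout consulted; 'identify' stands in for
        the signature engine that runs when the cache cannot answer."""
        entry = self.entries.get(key)
        if entry is not None and now - entry.cached_at < self.timeout:
            return entry.application, "hit"
        application = identify()
        self.learn(key, application, now)
        return application, "miss" if entry is None else "expired"

    def listing(self) -> List[Key]:
        """Mimics the CLI 'show' output: reports whatever is stored, stale or not."""
        return sorted(self.entries)

    def stale_keys(self, now: float) -> List[Key]:
        """Entries past the timeout that no lookup has yet touched; useful when auditing
        a long listing, since the CLI does not mark them."""
        return [k for k, e in self.entries.items() if now - e.cached_at >= self.timeout]


def demo() -> Tuple[List[Key], List[Key], str, List[Key]]:
    """Walk through the sequence described in the text. Constructed sample values."""
    cache = LazyAppCache(timeout_seconds=3600)
    key: Key = ("203.0.113.10", 443, "TCP")  # documentation-range address, constructed
    cache.learn(key, "SSL", now=0)
    still_listed = cache.listing()            # at t=5000 with no lookup: still present
    stale = cache.stale_keys(now=5000)        # ...but an audit can flag it as stale
    _, outcome = cache.lookup(key, now=5000, identify=lambda: "SSL:EXAMPLE")
    after_lookup = cache.stale_keys(now=5000) # the lookup refreshed it
    return still_listed, stale, outcome, after_lookup


if __name__ == "__main__":
    print(demo())
```

The stale_keys check is the part worth carrying over to real output: combine the cache-entry-timeout value from the configuration header with your own record of when a listing was taken, and treat any mapping older than that as unverified rather than current.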
