
[SRX] How to verify if the Application-Firewall configured on the device is working properly


Article ID: KB31097 KB Last Updated: 23 Aug 2016Version: 2.0
Summary:

This article explains the output of the CLI command 'show security application-firewall rule-set all', which is used to verify that the Application Firewall configuration on the SRX device is working.

Symptoms:

Example Scenario: A user configured a second rule-set on the firewall for Application Firewall.

Existing APPFW ruleset configuration:

set security application-firewall rule-sets appfw-test rule 1 match dynamic-application junos:FACEBOOK-VIDEO-STREAM
set security application-firewall rule-sets appfw-test rule 1 then deny
set security application-firewall rule-sets appfw-test rule youtube match dynamic-application junos:YOUTUBE
set security application-firewall rule-sets appfw-test rule youtube match dynamic-application junos:YOUTUBE-COMMENT
set security application-firewall rule-sets appfw-test rule youtube match dynamic-application junos:YOUTUBE-HD
set security application-firewall rule-sets appfw-test rule youtube then deny
set security application-firewall rule-sets appfw-test default-rule permit
set security policies from-zone trust to-zone untrust policy trust-untrust then permit application-services application-firewall rule-set appfw-test

The following additional rule-set is configured on the device:

set security application-firewall rule-sets app-disable rule 1 match dynamic-application junos:SLACKER
set security application-firewall rule-sets app-disable rule 1 then deny
set security application-firewall rule-sets app-disable default-rule permit

How can the user verify that the newly added rule-set is working properly?

Cause:

Solution:

Run the command 'show security application-firewall rule-set all' on the device. It returns the complete details for every configured rule-set: each individual rule, the dynamic application signatures it matches, its action, and the per-rule session counters.

labroot> show security application-firewall rule-set all
Rule-set: appfw-test
Logical system: root-logical-system
Rule: 1
Dynamic Applications: junos:FACEBOOK-VIDEO-STREAM
SSL-Encryption: any
Action:deny
Number of sessions matched: 573
Number of sessions redirected: 0
Rule: youtube
Dynamic Applications: junos:YOUTUBE, junos:YOUTUBE-COMMENT, junos:YOUTUBE-HD
SSL-Encryption: any
Action:deny
Number of sessions matched: 357
Number of sessions redirected: 0
Default rule:permit
Number of sessions matched: 753
Number of sessions redirected: 0
Number of sessions with appid pending: 1

Rule-set: app-disable
Logical system: root-logical-system
Rule: 1
Dynamic Applications: junos:SLACKER
SSL-Encryption: any
Action:deny
Number of sessions matched: 0
Number of sessions redirected: 0
Default rule:permit
Number of sessions matched: 0
Number of sessions redirected: 0
Number of sessions with appid pending: 0

The counters for rule-set app-disable are all 0, indicating that the rule-set is not in effect. The reason in this case is that the Application Firewall rule-set app-disable is not enabled on any security policy: a rule-set only processes traffic (and increments its counters) when a policy's 'then permit application-services application-firewall rule-set' action references it, as appfw-test is referenced by the trust-untrust policy above.
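As an added example (not from the article or from Juniper), a small Python script that parses this show output together with the 'set' configuration and flags rule-sets whose counters are all zero and that no security policy references; the sample input is a constructed, abridged copy of the article's output and configuration.

```python
import re

# Constructed, abridged copy of the article's 'show security application-firewall
# rule-set all' output (only the fields this check needs are kept).
SHOW_OUTPUT = """\
Rule-set: appfw-test
Rule: 1
Number of sessions matched: 573
Default rule:permit
Number of sessions matched: 753

Rule-set: app-disable
Rule: 1
Number of sessions matched: 0
Default rule:permit
Number of sessions matched: 0
"""

# Constructed: the relevant 'set' lines from the article's configuration.
CONFIG = """\
set security application-firewall rule-sets appfw-test default-rule permit
set security application-firewall rule-sets app-disable default-rule permit
set security policies from-zone trust to-zone untrust policy trust-untrust then permit application-services application-firewall rule-set appfw-test
"""

def parse_rule_set_counters(output: str) -> dict:
    """Sum 'Number of sessions matched' per rule-set (all rules plus the default rule)."""
    totals = {}
    current = None
    for line in output.splitlines():
        m = re.match(r"Rule-set:\s*(\S+)", line)
        if m:
            current = m.group(1)
            totals[current] = 0
        elif current and (m := re.match(r"Number of sessions matched:\s*(\d+)", line)):
            totals[current] += int(m.group(1))
    return totals

def referenced_rule_sets(config: str) -> set:
    """Rule-set names that a security policy attaches via application-services
    ('rule-set ' with a space, so the 'rule-sets <name>' definitions do not match)."""
    return set(re.findall(r"application-firewall rule-set (\S+)", config))

def find_unattached(output: str, config: str) -> list:
    """Rule-sets with zero matched sessions that no policy references (the article's case)."""
    counters = parse_rule_set_counters(output)
    refs = referenced_rule_sets(config)
    return sorted(name for name, total in counters.items() if total == 0 and name not in refs)
```

A rule-set that is referenced by a policy but still shows zero counters has simply not seen matching traffic yet, so the cross-check against the configuration is what separates "not attached" from "idle".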
