SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Application firewall not working on SRX550

    Posted 05-12-2015 20:22

    Hello,

    I have an SRX550 at my client. I want to test the application firewall feature, but AppFW is not working.

    My Junos version is 12.1X47-D20.7.

    This is my scenario:

    LAN ------------------------------SRX 550---------------------------------INTERNET

    In my test I want to block traffic for specific applications, for example:

    - just block traffic for YouTube streaming, but I can still access the YouTube webpage

    - just block Facebook chat, but I can still access the Facebook webpage.

    So I configured the application firewall rule and applied it to the security policy, but it is not working.

    From the guide documentation I learned that for AppFW to work on HTTPS traffic, there must be an SSL proxy configured, so I configured it, but it is still not working.

    My config is attached.

    Any idea?

    Thanks in advance

    Attachment(s): Config SRX550.txt (13 KB)


  • 2.  RE: Application firewall not working on SRX550

    Posted 05-13-2015 05:07

    Hello,

    Can you try changing "YOUTUBE-HD" to "YOUTUBE" and check if streaming is still possible?

    Also, can you check the AppSec traceoptions to see whether the rule is being hit or whether it is taking the default permit rule?



  • 3.  RE: Application firewall not working on SRX550

    Posted 05-13-2015 05:11

    Hello,

    Also please share the following:

    > show services application-identification counter
    > show services application-identification application detail
    > show security application-firewall rule-set <rule name>

    Please also check: http://kb.juniper.net/InfoCenter/index?page=content&id=KB25255&smlogin=true



  • 4.  RE: Application firewall not working on SRX550

    Posted 05-18-2015 02:49

    Hello joses,

    Sorry for the late reply.

    I tried changing "YOUTUBE-HD" to "YOUTUBE" but it still does not work.

    There are no hits on the specific rule; hits only occur on the default rule: permit.

    The output is attached.

    By the way, maybe HTTPS traffic is not affected by AppFW if I do not configure SSL proxy?

    Based on the attached guide, I must configure SSL proxy, something like importing browser certificates to the SRX, but I then just followed KB23144, and I cannot download add-ca-group.slax and del-ca-group.slax from the Junos script section.

    Any idea?

    Thanks in advance



  • 5.  RE: Application firewall not working on SRX550

    Posted 05-18-2015 02:51

    Sorry, I forgot to attach the output.

    Attachment(s): outputs.txt (3 KB)


  • 6.  RE: Application firewall not working on SRX550

    Posted 05-18-2015 06:01

    Hello,

    Without these certificates installed, it will not block the HTTPS traffic. Kindly share the error that you are getting when you try to download the slax files.

    I tried and I was able to download it. I will attach the same.



  • 7.  RE: Application firewall not working on SRX550
    Best Answer

     
    Posted 05-18-2015 06:04

    Hello,

    PFA the files.



  • 8.  RE: Application firewall not working on SRX550

    Posted 05-18-2015 21:36

    Hi joses,

    When I download the .slax directly from the KB, it tells me the web page is not available.

    However, thank you for sharing this .slax file. I will try to configure the SSL proxy and hope AppFW can handle HTTPS traffic.

    Maybe I'll come back later if there is a problem again.

    Regards,

    Thank you in advance



  • 9.  RE: Application firewall not working on SRX550

     
    Posted 05-18-2015 21:44

    Hello Rajas,

    Thanks for the update.



  • 10.  RE: Application firewall not working on SRX550

    Posted 08-12-2015 01:14

    Hi.

     

    I'm using Junos OS 12.3X48-D15.4 and trying to test the Application Firewall features. I see that Junos can prevent us from accessing YouTube and Facebook, but with embedded applications like YouTube comments or Facebook chat, it cannot prevent access.

     

    set security application-firewall rule-sets DENY-YOUTUBE rule 1A match dynamic-application junos:YOUTUBE-COMMENT
    set security application-firewall rule-sets DENY-YOUTUBE rule 1A then deny
    set security application-firewall rule-sets DENY-YOUTUBE rule 2A match dynamic-application junos:FACEBOOK-CHAT
    set security application-firewall rule-sets DENY-YOUTUBE rule 2A match dynamic-application junos:FACEBOOK-ACCESS
    set security application-firewall rule-sets DENY-YOUTUBE rule 2A then deny
    set security application-firewall rule-sets DENY-YOUTUBE default-rule permit

    -------

    With this policy, I can still access youtube and post a comment on any video. Lol.



  • 11.  RE: Application firewall not working on SRX550

    Posted 07-08-2016 01:57

    Hello rajas,

     

    Please check the AI cache table and the RT_FLOW_SESSION_CLOSE log to confirm the application name.

    You can also get the application name from the flow session before the session closes.

    Then please confirm that the application name is configured in your AppFW rule.

    If the traffic's application name is not configured in any rule, it will hit the default rule.

     

    cli> show services application-identification application-system-cache

    cli> show log appfw.syslog | grep rt_flow_session_close

    cli> show security flow session extensive application-firewall

     

    Thanks a lot,

    annlu
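
The check described in reply 11, as an added example (not code from the thread or from Juniper): it parses the `set` statements posted in reply 10 and reports which rule each identified application name would hit. The observed names are constructed sample input, and the first-match-then-default evaluation is a simplified model that only understands `match dynamic-application`, `then` and `default-rule` statements.

```python
import re

# Rule-set exactly as posted in reply 10 of the thread.
CONFIG = """\
set security application-firewall rule-sets DENY-YOUTUBE rule 1A match dynamic-application junos:YOUTUBE-COMMENT
set security application-firewall rule-sets DENY-YOUTUBE rule 1A then deny
set security application-firewall rule-sets DENY-YOUTUBE rule 2A match dynamic-application junos:FACEBOOK-CHAT
set security application-firewall rule-sets DENY-YOUTUBE rule 2A match dynamic-application junos:FACEBOOK-ACCESS
set security application-firewall rule-sets DENY-YOUTUBE rule 2A then deny
set security application-firewall rule-sets DENY-YOUTUBE default-rule permit
"""
# Constructed sample: application names as read from the session or cache output.
OBSERVED = ["junos:YOUTUBE-COMMENT", "junos:FACEBOOK-CHAT", "junos:YOUTUBE", "junos:SSL"]

SET_RE = re.compile(r"^set security application-firewall rule-sets (\S+) "
                    r"(?:rule (\S+) (match dynamic-application|then) (\S+)|default-rule (\S+))$")

def parse_rule_sets(config):
    """Map rule-set name -> ordered rules (apps + action) and default action."""
    rule_sets = {}
    for line in config.splitlines():
        m = SET_RE.match(line.strip())
        if not m:
            continue  # statement outside the scope of this sketch
        rs_name, rule, kind, value, default = m.groups()
        rs = rule_sets.setdefault(rs_name, {"rules": {}, "default": None})
        if default:
            rs["default"] = default
            continue
        entry = rs["rules"].setdefault(rule, {"apps": set(), "action": None})
        if kind == "then":
            entry["action"] = value
        else:
            entry["apps"].add(value.upper())  # compare names case-insensitively
    return rule_sets

def evaluate(rule_set, app_name):
    """First rule that lists the application wins; otherwise the default rule."""
    for name, rule in rule_set["rules"].items():
        if app_name.upper() in rule["apps"]:
            return name, rule["action"]
    return "default-rule", rule_set["default"]

def coverage(config, rule_set_name, observed):
    rule_set = parse_rule_sets(config)[rule_set_name]
    return {app: evaluate(rule_set, app) for app in observed}

if __name__ == "__main__":
    for app, (rule, action) in coverage(CONFIG, "DENY-YOUTUBE", OBSERVED).items():
        print(f"{app:24} -> {rule:12} {action}")
```

Any observed name that maps to `default-rule` is traffic the rule-set does not name, which is the situation reported in reply 4 ("hits only occur on the default rule").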