Hi Rakesh,
I appreciate the response but please re-read my post to properly understand the issue.
I had this in my config:
user@srx> show configuration applications
application genesys-cpd {
    protocol tcp;
    destination-port 3320;
    inactivity-timeout 43200;
}
application genesys-ocs {
    protocol tcp;
    destination-port 3330;
    inactivity-timeout 43200;
}

user@srx> show configuration security policies
default-policy {
    permit-all;
}
Traffic to TCP ports 3320 or 3330 does not inherit the 43,200-second idle timer, so it appears that defining the applications alone is not enough, or I am hitting a bug.
Sure enough, amending my security policy configuration as follows achieves the desired result:
user@j6350> show configuration security policies
from-zone trust to-zone trust {
    policy TEST1 {
        match {
            source-address any;
            destination-address any;
            application [ genesys-cpd genesys-ocs ];
        }
        then {
            permit;
            log {
                session-init;
                session-close;
            }
        }
    }
}
default-policy {
    permit-all;
}
Summary:
1) Defining the custom application's parameters (e.g. inactivity-timeout) without matching in an explicitly defined security policy does not achieve the desired result.
2) When using a default-policy that permits all traffic, for custom application parameters to take effect, an explicit policy must be defined. This is not the case for pre-defined/built-in ("junos-*") application definitions.
3) Further, custom application definitions do not appear in the output of 'request pfe execute target fwdd "show usp app-def [tcp|udp]"', even when matched in an explicit security policy term.
Cheers.
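Added example, not part of the post above and not Juniper code: a small Python check that reads `show configuration applications` and `show configuration security policies` output and reports custom (non `junos-*`) applications that set an `inactivity-timeout` but are not matched by any explicit policy, which per findings 1 and 2 means the timer will not take effect under a permit-all default policy. The parser (`parse_junos`) and the function names are assumptions of this example; the sample configs are constructed from the snippets in the post.

```python
import re

# Constructed sample input, taken from the configuration quoted in the post.
APPS_CONFIG = """
application genesys-cpd {
    protocol tcp;
    destination-port 3320;
    inactivity-timeout 43200;
}
application genesys-ocs {
    protocol tcp;
    destination-port 3330;
    inactivity-timeout 43200;
}
"""

# Policy config as it was before the fix: only a permit-all default policy.
POLICIES_DEFAULT_ONLY = """
default-policy {
    permit-all;
}
"""

# Policy config after the fix: an explicit policy matching the custom applications.
POLICIES_EXPLICIT = """
from-zone trust to-zone trust {
    policy TEST1 {
        match {
            source-address any;
            destination-address any;
            application [ genesys-cpd genesys-ocs ];
        }
        then {
            permit;
        }
    }
}
default-policy {
    permit-all;
}
"""

# Tokenizer for curly-brace Junos config: block headers, block closes, statements.
TOKEN = re.compile(r'\s*(?:(?P<open>[^{};]+?)\s*\{|(?P<close>\})|(?P<stmt>[^{};]+?)\s*;)\s*')


def parse_junos(text):
    """Parse 'show configuration' style text into nested dicts.

    Block headers ('policy TEST1') become keys holding a child dict; statements
    ('protocol tcp') become keys with value True. This is an assumption-level
    parser for this example, not a full Junos grammar.
    """
    root = {}
    stack = [root]
    for m in TOKEN.finditer(text):
        if m.group('open') is not None:
            child = {}
            stack[-1][m.group('open').strip()] = child
            stack.append(child)
        elif m.group('close') is not None:
            stack.pop()
        elif m.group('stmt') is not None:
            stmt = m.group('stmt').strip()
            if stmt:
                stack[-1][stmt] = True
    return root


def custom_apps_with_timeout(apps_cfg):
    """Return {application name: inactivity-timeout} for apps that set a timer."""
    out = {}
    for header, body in parse_junos(apps_cfg).items():
        parts = header.split()
        if len(parts) == 2 and parts[0] == 'application':
            for stmt in body:
                words = stmt.split()
                if len(words) == 2 and words[0] == 'inactivity-timeout':
                    # Value is an integer number of seconds, or the keyword 'never'.
                    out[parts[1]] = int(words[1]) if words[1].isdigit() else words[1]
    return out


def apps_referenced_by_policies(policy_cfg):
    """Return the set of application names matched in any explicit policy term."""
    refs = set()

    def walk(node):
        for key, val in node.items():
            if isinstance(val, dict):
                walk(val)
            elif key.startswith('application '):
                tail = key[len('application '):].strip()
                # Either a single name or a bracketed list: application [ a b ];
                names = tail.strip('[]').split() if tail.startswith('[') else [tail]
                refs.update(names)

    walk(parse_junos(policy_cfg))
    return refs


def unreferenced_custom_apps(apps_cfg, policy_cfg):
    """Custom apps whose inactivity-timeout will not apply: no explicit policy matches
    them, and (per the post) only junos-* built-ins get their timers via permit-all."""
    refs = apps_referenced_by_policies(policy_cfg)
    return {name: t for name, t in custom_apps_with_timeout(apps_cfg).items()
            if not name.startswith('junos-') and name not in refs}


if __name__ == '__main__':
    for label, cfg in (('default-policy only', POLICIES_DEFAULT_ONLY),
                       ('explicit policy', POLICIES_EXPLICIT)):
        print(label, '->', unreferenced_custom_apps(APPS_CONFIG, cfg))
```

Run against the two policy samples, the check flags both `genesys-*` applications with the default-policy-only configuration and reports nothing once the explicit `TEST1` policy matches them, mirroring the before/after in the post.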