SRX

Hi all,

Below is the command in screenos. Tools I2J fail to convert this below command. May i know how to convert into srx junos?

set service "FTP" timeout 1
set service "HTTPS" timeout 40
set service "SIP" timeout never
set service "TELNET" timeout 1

set service "MySQL&SQLnetCustom10" protocol tcp src-port 0-65535 dst-port 7000-7000
set service "MySQL&SQLnetCustom10" + tcp src-port 0-65535 dst-port 3300-3300
set service "MySQL&SQLnetCustom10" timeout never

Thanks and appreciate someone feedback

set applications application FTP inactivity-timeout 60

set applications application HTTPS inactivity-timeout 2400

set applications application SIP inactivity-timeout never

set applications application TELNET inactivity-timeout 60

set applications application "MySQL&SQLnetCustom10" term term0 protocol tcp
set applications application "MySQL&SQLnetCustom10" term term0 source-port 0-65535
set applications application "MySQL&SQLnetCustom10" term term0 destination-port 7000
set applications application "MySQL&SQLnetCustom10" term term1 protocol tcp
set applications application "MySQL&SQLnetCustom10" term term1 source-port 0-65535
set applications application "MySQL&SQLnetCustom10" term term1 destination-port 3300

set applications application "MySQL&SQLnetCustom10" inactivity-timeout never

Please keep in mind that it is recommended to NOT use the "never" timeout, especially with UDP traffic (SIP).  UDP relies on timeout to close and clear the session.

Hi rseibert,

Is it comand below refer to application default group on on srx?

set service "FTP" timeout 1
set service "HTTPS" timeout 40
set service "SIP" timeout never
set service "TELNET" timeout 1

Thanks and appteciate your feedback

Hi,

It's appear the error.

[edit applications application MySQL-SQLnetCustom]
test@test# show
protocol tcp;
inactivity-timeout never;
term term0 protocol tcp destination-port 7000;
term term1 protocol tcp destination-port 3300;

[edit applications application MySQL-SQLnetCustom]
test@test# commit
[edit applications]
  'application MySQL-SQLnetCustom'
    Application term and non-term config cannot be specified together
[edit applications]
  'application'
    Error processing application object
error: configuration check-out failed

I think, you need not to define the protocol and the inactivity-timeout etc in the application when you are calling terms, see below, when it went through. 

refer https://www.juniper.net/documentation/en_US/junos/topics/example/security-custom-policy-application-term-option-configuring.html  for more details.

{secondary:node0}[edit applications application MySQL-SQLnetCustom]
root# show | display set
set applications application MySQL-SQLnetCustom term term0 protocol tcp
set applications application MySQL-SQLnetCustom term term0 destination-port 7000
set applications application MySQL-SQLnetCustom term term1 protocol tcp
set applications application MySQL-SQLnetCustom term term1 destination-port 3300

use root> show configuration groups junos-defaults applications  to see the default applications.

Thanks,

Vikas

Hi vikassing,

It's works. May i know whether have any different between using normal custom application without term and with term?

Thanks and appreciate your feedback

Hi kronicklez,

Adding multiple ports in a customer application will need the term or else if it's only one port then you don't even need to use term.

E.g. : refer Create Custom Services  with Multiple Ports (Requires "terms") in https://kb.juniper.net/InfoCenter/index?page=content&id=KB16621&actp=METADATA

Thanks,

Vikas

Hi Vikassingh,

Thanks for the feedback. Now it's clear.