SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  details/settings for predefined "junos-" applications

    Posted 02-17-2010 13:04

    Is there some way (or some place) I can get details on the pre-defined applications that exist within JunOS? I.e., all the applications that are predefined and prefixed w/ "junos" (junos-ping, junos-ssh, junos-sip, etc.). I would like to see the actual src/dst ports, timeouts, RPC info where appropriate, etc.

     

    I found a spot in the 10.0 JunOS documentation that said there was a "show applications" command, but that doesn't seem to exist (at least not on 10.1R1.8 on SRX100 or 9.6R1.13 on a 240...)

     

    Any pointers appreciated, thanks!



  • 2.  RE: details/settings for predefined "junos-" applications
    Best Answer

    Posted 02-17-2010 13:44

    Hello,

    There is such a way indeed.

     

     

    root> show configuration groups junos-defaults applications              
    #
    # File Transfer Protocol 
    #
    application junos-ftp {
        application-protocol ftp;
        protocol tcp;
        destination-port 21;
    }
    #
    # Trivial File Transfer Protocol 
    #
    application junos-tftp {
        application-protocol tftp;
        protocol udp;
        destination-port 69;
    }
    #
    # Real Time Streaming Protocol 
    #       
    application junos-rtsp {
        application-protocol rtsp;
        protocol tcp;
        destination-port 554;
    }                   
    #
    # Network Basic Input Output System  - networking protocol used on
    # Windows networks   session service port
    #
    application junos-netbios-session {
        protocol tcp;
        destination-port 139;
    }
    application junos-ssh {
        protocol tcp;
        destination-port 22;
    }
    application junos-telnet {
        protocol tcp;
        destination-port 23;
    }
    application junos-smtp {
        protocol tcp;
        destination-port 25;
    }
    <<long printout follows, omitted here for brevity>>

     

    Regarding the timeouts

     

     

    For single application entries, an application timeout lookup proceeds as follows:
    
    - The specified timeout in the application entry database, if set.
    - The default timeout in the application entry database, if specified in the predefined application.
    - The protocol-based default timeout table.

     

     

    http://www.juniper.net/techpubs/software/junos-security/junos-security10.1/junos-security-swconfig-security/topic-41683.html

     

    Rgds

    Alex

     



  • 3.  RE: details/settings for predefined "junos-" applications

    Posted 02-17-2010 13:48

    Perfect, thank you!

     

    Looks like lots of other good stuff under group junos-defaults as well.

     

    Best regards!



  • 4.  RE: details/settings for predefined "junos-" applications

    Posted 03-18-2010 11:33

    Is there a way to modify the default protocol timeout or somehow make the SRX use a separate timeout for management connections (telnet/ssh) to self?

     

    Here is why I'm asking:

     

    http://forums.juniper.net/t5/SRX-Services-Gateway/what-is-the-proper-way-to-setup-cli-timeout-on-SRX/td-p/37175



  • 5.  RE: details/settings for predefined "junos-" applications

    Posted 03-23-2015 11:15

    You have to define a new application. If you try to override the default junos-ssh settings you're going to have a bad time. My experience with that was an inactivity-timeout of about half of the setting I configured. JTAC said that wasn't a supported configuration, and the proper way is to do something like below:

     

    set applications application my-ssh protocol tcp
    set applications application my-ssh destination-port 22
    set applications application my-ssh inactivity-timeout 86400

     

    set security policies from-zone trust to-zone untrust policy ssh match application my-ssh
    set security policies from-zone untrust to-zone trust policy ssh match application my-ssh
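
Added example, not written by any poster in this thread and not Juniper's code: Python that parses flat `application` stanzas as printed by `show configuration groups junos-defaults applications` and resolves each one's inactivity timeout in the lookup order quoted in reply 2, including the `my-ssh` entry from reply 5. The protocol default values (TCP 1800 s, UDP 60 s) and the hierarchical form of `my-ssh` are assumptions, and the sample text is constructed.

```python
import re

# Assumption: protocol-based default timeouts in seconds (not stated in the thread).
PROTOCOL_DEFAULT_TIMEOUT = {"tcp": 1800, "udp": 60}

# Constructed sample: three stanzas copied from the output above, plus my-ssh
# written in hierarchical form (assumed equivalent of the "set applications" lines).
SAMPLE = """
# File Transfer Protocol
application junos-ftp {
    application-protocol ftp;
    protocol tcp;
    destination-port 21;
}
application junos-tftp {
    application-protocol tftp;
    protocol udp;
    destination-port 69;
}
application junos-ssh {
    protocol tcp;
    destination-port 22;
}
application my-ssh {
    protocol tcp;
    destination-port 22;
    inactivity-timeout 86400;
}
"""

STANZA = re.compile(r"^\s*application\s+(\S+)\s*\{(.*?)^\s*\}", re.M | re.S)
STATEMENT = re.compile(r"^\s*([\w-]+)\s+([^;]+);", re.M)

def parse_applications(text):
    """Return {name: {statement: value}} for each flat application stanza."""
    return {name: dict(STATEMENT.findall(body)) for name, body in STANZA.findall(text)}

def effective_timeout(name, app):
    """Apply the lookup order: entry timeout, predefined default, protocol table."""
    if "inactivity-timeout" in app:
        source = "predefined default" if name.startswith("junos-") else "application entry"
        return int(app["inactivity-timeout"]), source
    return PROTOCOL_DEFAULT_TIMEOUT.get(app.get("protocol")), "protocol default"

if __name__ == "__main__":
    for name, app in parse_applications(SAMPLE).items():
        print(name, app.get("protocol"), app.get("destination-port"), *effective_timeout(name, app))
```

Stanzas with nested blocks are outside what this parser handles; it covers the single-level entries shown in the thread.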