NBAR, simple answer is JUNOS doesn't do it, but you can do something similar to NBAR using firewall filters and CoS stuff.
lets put it this way, when you apply a Cisco policy-map that contains a class with “match protocol” statement, the system starts NBAR classification engine on the interface. Any packet, be it ingress or ingress, passes the NBAR inspection engine provided that it passes the basic filters like matching the port number assigned to the protocol and Juniper routers (both M-series with IP II and T-series) have extensive packet classification capabilities, provided by JunOS syntax of firewall filters.
NBAR performs deep packet inspection to provide layer 4 to layer 7 (identification of protocol and application)...like
class-map match-all TEST
match protocol http url "*.(t?xt|ocx|ex[ea])”
!
policy-map TEST
class TEST
drop
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.30
service-policy input TEST
As soon as user opens the URL matching the class-map specification, the engine will classify the flow as matching the class “TEST”. After this, all returning packets (server to client) for this flow will be dropped by the policy map.
I wonder if we will be able to do this with JUNOS... I would encourage everyone to ask Juniper to implement application layer 7 support in addition to application identification (especially as they grow into the enterprise market with the J Series platform). Hey, it could happen. 🙂