How would you accomplish this goal?

You want to verify that all application traffic traversing your SRX device uses standard ports. For
example, you need to verify that only DNS traffic runs through port 53, and no other protocols.
How would you accomplish this goal?

You want to verify that all application traffic traversing your SRX device uses standard ports. For
example, you need to verify that only DNS traffic runs through port 53, and no other protocols.
How would you accomplish this goal?

A.
Use an IDP policy to identify the application regardless of the port used.

B.
Use a custom ALG to detect the application regardless of the port used.

C.
Use AppTrack to detect the application regardless of the port used.

D.
Use AppID to detect the application regardless of the port used.

Explanation:

AppTrack for detailed visibility of application traffic Also AppTrack is aka AppID
Reference :http://forums.juniper.net/t5/SRX-Services-Gateway/What-is-AppTrack-aka-AppID/tdp/63029
An Application Layer Gateway (ALG) is a software component that is designed to manage specific
protocols
Reference :http://www.juniper.net/techpubs/software/junos-security/junos-security95/junossecurity-swconfig-security/id-79332.html



Leave a Reply 2

Your email address will not be published. Required fields are marked *


Josh

Josh

Nope, it’s actually App-ID, option “D”; notice that whether it’s IDP or Application Firewall detecting the activity, they both use App-ID as their engine; so bottom line, it’s APP-ID.

Juniper

Juniper

This time Josh is right. From Advanced security book 1 page 36:
“AppID is a module in the AppSecure suite that is enabled by default and allows the SRX devive to inspect and identify an application no matter which TCP or UDP port is in use…
The AppID engine can also detect applications that are nested inside another L7 application…
The AppID module is used nu the other AppSecure modules and IDP. This allows them to properly identify the application that a session is using”.

So right answer is D.