User manual JUNIPER NETWORKS SECURITY THREAT RESPONSE MANAGER APPLICATION CONFIGURATION GUIDE REV 1

[. . . ] This equipment has been tested and found to comply with the limits for a Class B digital device in accordance with the specifications in part 15 of the FCC rules. These specifications are designed to provide reasonable protection against such interference in a residential installation. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures: Reorient or relocate the receiving antenna. [. . . ] For more information on the default values, see Chapter 2 Default Applications. Note: For more information on enabling or disabling application detection, see the STRM Administration Guide. Defining Application Mappings To define application mappings: Step 1 Using SSH, log in to STRM. Step 2 Open the following file: /store/configservices/staging/globalconfig/user_application_ mapping. conf Note: To edit the name of the user_application_mapping. conf file, you can edit the User Application Mapping parameter in the Flow Processor configuration window. If the user_application_mapping. conf does not exist in your system, create the file and place the empty in the above directory. Step 3 Update the file, as necessary. When updating the file, note the following: · · Each line in the file indicates a new mapped application. You can specify multiple mappings (each on a seperate line) for the same application. The wildcard character must be used alone and not part of a comma separated list. The wildcard character indicates that this field applies to all flows. STRM Default Application Configuration Guide Defining Application Mappings 3 · Since it is possible for a flow to be associated with multiple mappings, a flow is mapped to an application ID based on the order of the file. When adding new application identification numbers, we recommend that you apply numbers ranging between 15, 000 to 20, 000. Contact Juniper Networks Customer Support for further information. · The format of the entry must resemble the following: <New ID> <Old ID> <Source IP Address>:<Source Port> <Dest IP Address>:<Dest Port> <Name> Where: · <New ID> specifies the application ID you wish to assign to the flow. If the ID you wish to assign does not exist, you must create the ID using the Application View in the STRM interface. For more information, see the STRM Administration Guide. · <Old ID> specifies the default application ID of the flow, as assigned by STRM. For more information on the default values, see Chapter 2 Default Applications. <Source IP Address> specifies the source IP address of the flow. This field may contain either a comma separated list of addresses or CIDR values. A value of * indicates a wildcard, which means that this field applies to all flows. This field may contain a comma · · separated list of values or ranges specifies in the format: <lower port number>-<upper port number>. A value of * indicates a wildcard, which means that this field applies to all flows. · <Dest IP Address> specifies the destination IP address of the flow. This field may contain either a comma separated list of addresses or CIDR values. A value of * indicates a wildcard, which means that this field applies to all flows. This field may contain a comma separated list of values or ranges specifies in the format: <lower port number>-<upper port number>. A value of * indicates a wildcard, which means that this field applies to all flows. For example, the below example maps all flows that match the IP addresses and ports for which the Flow Collector has assigned to the Old ID of 1010 and assign the new ID of 15000: 15000 1010 10. 100. 100/24, 10. 100. 50. 10:* 172. 14. 33. 33:80, 443 Step 4 Save and exit the file. [. . . ] Common P2P port traffic. STRM Default Application Configuration Guide 16 DEFAULT APPLICATIONS Table 2-1 Default Applications (continued) Application View Group Sub-Component P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess Common-P2P-Port Common-P2P-Port DirectConnect DirectConnect DirectConnect DirectConnect DirectConnect EarthStationV FileRogue Filetopia Furthurnet GnuCleusLan Gnutella Groove Hotline Kazaa LimeWire Morpheus Napster Napster2 OpenNap PeerEnabler PeerEnabler Piolet ScourExchange Soulseek Tripnosis eDonkey iMesh ATSTCP Attachmate-GW CORBA Citrix CitrixICA Value 33955 33956 5863 5864 5865 5866 5867 60182 60145 60168 60160 2009 2000 60134 60136 2001 2008 2010 2011 60181 2007 2204 2004 2005 60113 60184 60135 2002 60114 60107 60100 60043 34814 5670 Description Common P2P port traffic. Remote Access Citrix ICA Traffic. STRM Default Application Configuration Guide 17 Table 2-1 Default Applications (continued) Application View Group Sub-Component RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RemoteAccess RoutingProtocols CitrixICA GoToMyPC JavaRMI MSTerminalServices OpenConnect-JCP OpenWindows PCanywhere PCanywhere Persona RDP RemotelyAnywhere SMTBF SSH SSH-Ports SSH-Ports SSL SSL-Shell SmartSockets SunRPC Tacacs Telnet Telnet-Port Timbuktu VNC XWindows radmin rexec rlogin rsh rsynch rwho tn3270 tn5250 ARP Value 5671 60164 60109 6001 60085 34807 20948 50528 60093 60052 60188 60103 1005 20947 20949 60001 60092 60169 60027 34808 1000 20950 60017 1006 60050 60177 60081 60089 60128 60159 60090 60010 60063 34820 Description Remote Access Citrix ICA Traffic. ARP traffic. STRM Default Application Configuration Guide 18 DEFAULT APPLICATIONS Table 2-1 Default Applications (continued) Application View Group Sub-Component RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols RoutingProtocols AURP BGP BPDU Banyan-VINES CBT CiscoOUI DRP DTP EGP EIGRP GatewayRouting IDP IGMP IGP IanaProtocol-IP OSPF PAgP PIM PVSTP RARP RIP SpanningTree VLAN-Bridge VTP Value 60011 60029 34821 34838 60045 34823 60038 60192 60032 60065 34836 34825 60041 60098 34835 60031 60190 60044 60189 60047 60028 60046 60191 60193 60061 60033 60172 60037 60080 60026 60036 60067 60079 60171 60186 Description AURP traffic. SoftEther traffic. SecurityProtocols DPA SecurityProtocols GRE SecurityProtocols IPMobility SecurityProtocols IPSec SecurityProtocols ISAKMP SecurityProtocols L2TP SecurityProtocols PPTP SecurityProtocols RC5DES SecurityProtocols SOCKS SecurityProtocols SWIPE SecurityProtocols SoftEther STRM Default Application Configuration Guide 19 Table 2-1 Default Applications (continued) Application View Group Sub-Component Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Streaming Uncommon Protocol Uncommon Protocol Unknown_apps VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP VoIP Abacast H. 261 H. 262 H. 263 MPEG-Audio MPEG-Video MicrosoftMediaServer Motion RTP-Skinny RTSP RadioNetscape Real ST2 StreamWorks StreamingAudio StreamingAudio WinMedia WinampStream WindowsMediaPlayer WindowsMediaPlayer DEC UncommonProtocol Unknown CiscoCTI Clarent-CC Clarent-Complex Clarent-Mgmt Clarent-Voice-S Dialpad G711 G722 G729 H. 323 Value 60174 34829 34828 34827 60053 60054 4002 60185 34834 5071 60180 60003 60034 60014 4000 4001 60025 60165 5005 5006 34824 34850 1 60144 60075 60074 60072 60073 60140 34833 34832 34831 60018 Description Abacast traffic. [. . . ]