Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING INTRUSION DETECTION PREVENTION DEVICES GUIDE REV 01 Manual page 75

Table 34: APE Rulebase Rule Properties (continued)
Option
Match > Destination
Match > Service
Match > Application
Copyright © 2010, Juniper Networks, Inc.
Function
Specifies the address object that is the
destination of the traffic, typically a server
or other device on your network.
Requires one of the specified services to
match the session for the rule to be
applied. Services are Application Layer
protocols that define how data is
structured as it travels across the network.
The IDP engine can inspect services that
use TCP, UDP, RPC, and ICMP transport
layer protocols. If the application running
on the destination server uses standard
ports, you can select from predefined
services. If the application running on the
destination server uses nonstandard ports,
you must create a custom service object.
Requires one of the specified applications
to match the session for the rule to be
applied. The predefined list of applications
is populated by the application
identification feature. The application
identification feature identifies the
application regardless of port.
Port-independent application identification
simplifies rule configuration and ensures
that you do not miss applications running
on nonstandard ports. Hence it is
recommended to use the application
parameter instead of the service parameter
whenever possible.
Chapter 4: Configuring Security Policies
Your Action
Select the destination object.
NOTE: You can also negate one or more
address objects to specify all destinations
except the excluded object.
Right-click the table cell and select any one of
the required options.
If you specify named values for both service
and application, only the application value is
used.
It is recommended to specify Default for the
service parameter and configure the
application parameter instead.
Specify Any to not use service as a key to your
match.
NOTE: To apply an APE action to all traffic
matching source and destination parameters,
set both the service parameter and the
application parameter to Any..
Right-click the table cell and make your
required modifications.
If you specify named values for both service
and application, only the application value is
used.
Specify Any to not use application as a key to
your match.
NOTE: To apply an APE action to all traffic
matching source and destination parameters,
set both the service parameter and the
application parameter to Any.
59