April 09, 2021—Revision 1, JDPI Release Notes. 9. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc...
Juniper Networks Deep Packet Inspection-Decoder (Application Signature) Release Notes Published 2021-04-09 RELEASE ii Table of Contents Recent Release History Overview New Features and Enhancements New or Modified Application Groups Obsolete Applications Resolved Issues Requesting Technical Support Revision History 1 Recent Release History Table 1 on page 1 summarizes the features and resolved issues in recent releases. You can use this table to help you decide to update the JDPI-Decoder version in your deployment. Table 1: JDPI-Decoder Features and Resolved Issues by Release Release Date Signature Pack Version JDPI Decoder Version Engine Features and Resolved Issues Version 5 April 09, 2021 The relevant signature package version is 3372. 1.500.2-3 5.6.0-39 1 This JDPI-Decoder version is supported only on the Junos OS 12.3X48-D95+ and later releases, 15.1X49-D200+ and later releases, Junos OS 19.2R1 and later releases which support the v5 engine on all supported SRX Series platforms. Starting in Junos OS release 20.1R1, enhancements to custom applications are included in the JDPIDecoder release. Overview The JDPI-Decoder is a dynamically loadable module that mainly provides application classification functionality and associated protocol attributes. It is hosted on an external server and can be downloaded as a package and installed on the device. The package also includes XML files that contain additional details of the list of applications and groups. The list of applications can be viewed on the device using the CLI command show services application-identification application summary. Additional details of any particular application can be viewed on the device using the CLI command show services application-identification application detail <application>. For additional details, see Application Signature. NOTE: This application signature package does not support v4 engines. This upgrade is only supported on Junos OS 12.3X48D95+ and later releases, 15.1X49-D200+ and later releases which support the v5 engine, and 19.2R1 and later releases which support the v5 engine. This 2 signature package is not compatible with Junos releases supporting version4 engine. The Junos releases supporting v4 engine will remain on PB1.460.2-46 and there will be no more updates for these releases. New Features and Enhancements IN THIS SECTION New Software Features and Enhancements Introduced in JDPI-Decoder Release 3372 | 2 New Applications | 2 Updated Applications | 3 Custom Applications | 6 The following sections describe new features and enhancements available in the JDPI-Decoder releases: New Software Features and Enhancements Introduced in JDPI-Decoder Release 3372 The following sections describe new features and enhancements available in JDPI-Decoder Release 3372. New Applications Table 2 on page 3 shows the applications that are added in this release of JDPI-Decoder. 3 Table 2: New Applications Sr. Application Name Application No. Type Reported Over Description 1 ONGUARD- CLIENT Infrastructure DCERPC OnGuard is a product from Lenel for managing physical security of buildings. This plug-in classifies the connection from the client software to the server. 2 OMRON-FINS Infrastructure TCP/UDP Omron FINS Protocol is SCADA protocol to communicate with PLC. Updated Applications Table 3 on page 3 lists the application updates in this release of JDPI-Decoder. Table 3: Updated Applications Sr. Application Name Application No. Type Reported Over Description 1 FLEXERA Infrastructure ADOBE/HTTP/ HTTP2/HTTPS/ SPDY/SSL/TCP This plug-in classifies FLEXNet license servers and Flexera website. 2 HTTP Web HAPROXY/ HTTP-PROXY/ HTTP-TUNNEL/ NET-PROXY/ SOCKS4/ SOCKS5/TCP/U DP This signature detects HyperText Transfer Protocol (HTTP). World Wide Web uses this protocol. This signature defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands. HTTP usually runs on TCP port 80. 4 Table 3: Updated Applications (Continued) Sr. Application Name Application No. Type Reported Over Description 3 HTTP2 Web SSL/TCP HTTP/2 is the second majorversion of the HTTP networkprotocol that the World WideWeb uses 4 HAO123 Web HTTP/HTTP2/ HTTPS/ SPDY/SSL This plug-in classifies the httptraffic to the host hao123.com. 5 OMNICAST Multimedia HTTP/HTTP2/ HTTPS/RTP/ RTSP/ SPDY/TCP/UDP Omnicast is an IP CCTV (closedcircuit television) collector,storage and visualization product.This plug-in classifieshttp andrtsp flows of Omnicast. This plug-in does not handle protocolsspecific to cameras. 6 PI-DATA Infrastructure TCP This plug-in classifies OSI PIDataArchive and Server SCADAprotocol. 7 SMTP Messaging SOCKS4/ SOCKS5/TCP This signature detects SimpleMail Transfer Protocol (SMTP).SMTP is protocol for e-mailtransmission across the Internet.It is an Internet standard host-to-host mail transport protocol.SMTP usually runs on TCP port25. 5 Table 3: Updated Applications (Continued) Sr. Application Name Application No. Type Reported Over Description 8 SYMANTEC-SEP Infrastructure DCERPC/HTTP/ Symantec developed HTTP2/HTTPS/ SymantecEndpoint Protection SPDY/SSL (SEP). SEP isa security software suite. SEPconsists of anti- malware,intrusion prevention, and firewallfeatures for servers and desktops.SEP has the largest market-shareof any product for endpointsecurity. 9 SOSO Web HTTP/HTTP2/ HTTPS/SSL/ SPDY This protocol plug-in classifies thehttptraffic to the host soso.com. 10 TELNET Remote- TCP Access This signature detects Telnet.Telnet is an remote textbasedlogin protocol. Telnet usually runson TCP port 23. 11 TIANYA Web HTTP/HTTP2/ HTTPS/SSL/ SPDY This signature detects TianyaClub. Tianya is one of the mostpopular Internet forums in China.Tianya provides BBS, blog, andphoto hosting services. 6 Table 3: Updated Applications (Continued) Sr. Application Name Application No. Type 12 X11 RemoteAccess Reported Over Description TCP X Window System is a system forimplementing a window- baseduser interface on bit- mappeddisplays. X11 is the most currentand widely used version of X. It isactually a network protocol thatwas designed to allow Unixprograms that utilize a GUI tosend the graphical output to aremote display. X11 usually runson TCP port 6000, 6001, 6002,and other ports. Custom Applications This release of JDPI-Decoder does not introduce any enhancements to the custom applications. New or Modified Application Groups Table 4 on page 6 lists the application additions and modifications in this release of JDPI-Decoder. Table 4: Modified Application Groups Application Group Name Applications Details Applications:infrastructure Added ONGUARDCLIENT and OMRON-FINS applications to the application group. 7 Obsolete Applications This release of JDPI-Decoder does not have any obsolete application. Resolved Issues Table 5 on page 7 describes the resolved issues in this release of JDPI-Decoder. Table 5: Resolved Issue Problem Report Description 1558458 AppID is unable to trigger vSRX Secure Web proxy transparent mode is for Custom applications. 1573791 AppID is unable to detect X11 application. 1574757 AppID is unable to detect PI application. 1576575 AppID is unable to detect junos:gaming, whenyou use this application with application junosdefaults in unified security policy. Requesting Technical Support IN THIS SECTION Self-Help Online Tools and Resources | 8 Creating a Service Request with JTAC | 9 8 Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or Partner Support Service support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. · JTAC policies--For a complete understanding of our JTAC procedures and policies, review the JTACUser Guide located at https://www.juniper.net/us/en/local/pdf/resource-guides/7100059en.pdf. · Product warranties--For product warranty information, visit http://www.juniper.net/support/ warranty/. · JTAC hours of operation--The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year. Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: · Find CSC offerings: https://www.juniper.net/customers/support/ · Search for known bugs: https://prsearch.juniper.net/ · · Find product documentation: https://www.juniper.net/documentation/ · · Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/ · Download the latest versions of software and review release notes: https://www.juniper.net/ customers/csc/software/ · Search technical bulletins for relevant hardware and software notifications: https://kb.juniper.net/ InfoCenter/ · Join and participate in the Juniper Networks Community Forum: https://www.juniper.net/company/ communities/ · Create a service request online: https://myjuniper.juniper.net To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/ 9 Creating a Service Request with JTAC You can create a service request with JTAC on the Web or by telephone. · Visit https://myjuniper.juniper.net. · · Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico). For international or direct-dial options in countries without toll-free numbers, see https:// support.juniper.net/support/requesting-support/. Revision History April 09, 2021--Revision 1, JDPI Release Notes. Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Copyright © 2021 Juniper Networks, Inc. All rights reserved.AH XSL Formatter V6.6 MR1 for Windows (x64) : 6.6.2.35616 (2018/10/15 18:42JST) Antenna House PDF Output Library 6.6.1317 (Windows (x64))