You recently implemented application firewall rules on an SRX device to act upon encrypted
traffic. However, the encrypted traffic is not being correctly identified. Which two actions will
help the SRX device correctly identify the encrypted traffic? (Choose two.)
A.
Use the junos:SPECIFIED-ENCRYPTED application signature.
B.
Use the junos:UNSPECIFIED-ENCRYPTED application signature.
C.
Disable the application system cache.
D.
Enable heuristics to detect the encrypted traffic.
Heuristic Detection of Encrypted P2P Applications
Peer-to-peer applications, such as Skype, encrypt data packets. Predefined or custom application signatures, which are based on regular expression patterns, cannot be matched to encrypted data. However, application identification heuristics can detect the application of some known, encrypted peer-to-peer traffic on TCP and UDP protocols.
To improve the overall application detection rate, enable heuristics with the set services application-identification enable-heuristics command.
When encryption is enabled but the application of encrypted peer-to-peer traffic cannot be determined, the special application junos:unspecified-encrypted is assigned to the traffic. AppSecure services can process junos:unspecified-encrypted traffic like other dynamic applications.
0
0