- alg {
-
- dns {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- ftp {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- h323 {
-
- application-screen {
-
- message-flood {
- gatekeeper threshold rate;
- }
-
- unknown-message {
- permit-nat-applied;
- permit-routed;
- }
- }
- disable;
- endpoint-registration-timeout seconds;
- media-source-port-any;
-
- traceoptions {
-
- flag {
- all <detail | extensive | terse>;
- cc <detail | extensive | terse>;
- h225-asn1 <detail | extensive | terse>;
- h245 <detail | extensive | terse>;
- h245-asn1 <detail | extensive | terse>;
- q931 <detail | extensive | terse>;
- ras <detail | extensive | terse>;
- ras-asn1 <detail | extensive | terse>;
- }
- }
- }
-
- mgcp {
-
- application-screen {
- connection-flood threshold rate;
- message-flood threshold rate;
-
- unknown-message {
- permit-nat-applied;
- permit-routed;
- }
- }
- disable;
- inactive-media-timeout seconds;
- maximum-call-duration minutes;
-
- traceoptions {
-
- flag {
- all <extensive>;
- call <extensive>;
- cc <extensive>;
- decode <extensive>;
- error <extensive>;
- nat <extensive>;
- packet <extensive>;
- rm <extensive>;
- }
- }
- transaction-timeout seconds;
- }
-
- msrpc {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- pptp {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- real {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- rsh {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- rtsp {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- sccp {
-
- application-screen {
- call-flood threshold rate;
-
- unknown-message {
- permit-nat-applied;
- permit-routed;
- }
- }
- disable;
- inactive-media-timeout seconds;
-
- traceoptions {
-
- flag {
- all <extensive>;
- call <extensive>;
- cc <extensive>;
- cli <extensive>;
- decode <extensive>;
- error <extensive>;
- init <extensive>;
- nat <extensive>;
- rm <extensive>;
- }
- }
- }
-
- sip {
-
- application-screen {
-
- protect {
-
- deny {
- all | destination-ip address;
- timeout seconds;
- }
- }
-
- unknown-message {
- permit-nat-applied;
- permit-routed;
- }
- }
- c-timeout minutes ;
- disable;
- disable-call-id-hiding;
- inactive-media-timeout seconds;
- maximum-call-duration minutes;
- retain-hold-resource;
- t1-interval milliseconds ;
- t4-interval seconds ;
-
- traceoptions {
-
- flag {
- all <detail | extensive | terse>;
- call <detail | extensive | terse>;
- cc <detail | extensive | terse>;
- nat <detail | extensive | terse>;
- parser <detail | extensive | terse>;
- rm <detail | extensive | terse>;
- }
- }
- }
-
- sql {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- sunrpc {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- talk {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
-
- tftp {
- disable;
-
- traceoptions {
-
- flag {
- all <extensive>;
- }
- }
- }
- }
Hierarchy level: [edit security]
Statement introduced in Release 8.5 of JUNOS software.
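Configure an Application Layer Gateway (ALG) on the device. An ALG runs as a service and can be associated in policies with specified types of traffic. ALGs are enabled by default. An enabled ALG parses application-layer traffic, so turn off any ALG the deployment does not use by including the disable statement under that ALG.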
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
Required privilege level:
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.