See the following sections:
-
unknown-message {
-
permit-nat-applied;
-
permit-routed;
- }
- [edit security alg h323 application-screen]
Statement introduced in Release 8.5 of JUNOS software.
Specify how unidentified H.323 messages are handled by the device. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement can be useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown H.323 (unsupported) messages, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.
This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
This statement is supported on J-series devices.
permit-nat-applied—Specifies that unknown messages be allowed to pass if the session is in NAT mode.
permit-routed— Specifies that unknown messages be allowed to pass if the session is in Route mode. (Sessions in Transparent mode are treated as Route mode.)
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
-
unknown-message {
-
permit-nat-applied;
-
permit-routed;
- }
- [edit security alg mgcp application-screen]
Statement introduced in Release 8.5 of JUNOS software.
Specify how unidentified Media Gateway Control Protocol (MGCP) messages are handled by the device. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement can be useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown MGCP (unsupported) messages, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.
This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
This statement is supported on J-series and SRX-series devices.
permit-nat-applied—Specifies that unknown messages be allowed to pass if the session is in NAT mode.
permit-routed— Specifies that unknown messages be allowed to pass if the session is in Route mode. (Sessions in Transparent mode are treated as Route mode.)
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
-
unknown-message {
-
permit-nat-applied;
-
permit-routed;
- }
- [edit security alg sccp application-screen]
Statement introduced in Release 8.5 of JUNOS software.
Specify how unidentified Skinny Client Control Protocol (SCCP) messages are handled by the device. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement can be useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown SCCP (unsupported) messages, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.
This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
This statement is supported on J-series devices.
permit-nat-applied—Specifies that unknown messages be allowed to pass if the session is in NAT mode.
permit-routed— Specifies that unknown messages be allowed to pass if the session is in Route mode. (Sessions in Transparent mode are treated as Route mode.)
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
-
unknown-message {
-
permit-nat-applied;
-
permit-routed;
- }
- [edit security alg sip application-screen]
Statement introduced in Release 8.5 of JUNOS software.
Specify how unidentified Session Initiation Protocol (SIP) messages are handled by the device. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement can be useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown SIP (unsupported) messages, you can get your network operational and later analyze your VoIP traffic to determine why some messages were being dropped.
This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
This statement is supported on J-series devices.
permit-nat-applied—Specifies that unknown messages be allowed to pass if the session is in NAT mode.
permit-routed— Specifies that unknown messages be allowed to pass if the session is in Route mode. (Sessions in Transparent mode are treated as Route mode.)
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.