unknown-message (Security MGCP ALG)
Syntax
unknown-message { permit-nat-applied; permit-routed; }
Hierarchy Level
[edit logical-systems name security alg mgcp application-screen], [edit logical-systems name tenants name security alg mgcp application-screen], [edit security alg mgcp application-screen], [edit services alg mgcp application-screen], [edit tenants name security alg mgcp application-screen]
Description
Specify how SRX Series Firewall handles unidentified Media Gateway Control Protocol (MGCP) messages. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement is useful to resolve interoperability issues with disparate vendor equipment. You can permit unknown MGCP (unsupported) messages to get your network operational. Later, you can analyze your VoIP traffic to determine why some messages were dropped.
This statement applies only to received packets identified as supported VoIP packets. Unidentified packets are always dropped. If a packet is identified as a supported protocol, SRX Series Firewall forwards the message without processing.
Options
permit-nat-applied
—Permits unknown messages to pass if the session is in NAT mode.permit-routed
—Permit unknown messages on routed packets. Sessions in Transparent mode are treated as Route mode.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.