unknown-message (Security SCCP ALG)
Syntax
unknown-message {
permit-nat-applied;
permit-routed;
}
Hierarchy Level
[edit logical-systems name security alg sccp application-screen], [edit logical-systems name tenants name security alg sccp application-screen], [edit security alg sccp application-screen], [edit services alg sccp application-screen], [edit tenants name security alg sccp application-screen]
Description
Specify how SRX Series Firewall handles unidentified Skinny Client Control Protocol (SCCP) messages. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement is useful to resolve interoperability issues with disparate vendor equipment. You can permit unknown MGCP (unsupported) messages to get your network operational. Later, you can analyze your VoIP traffic to determine why some messages were dropped.
This statement applies only to received packets identified as supported VoIP packets. Unidentified packets are always dropped. If a packet is identified as a supported protocol, SRX Series Firewall forwards the message without processing.
Options
permit-nat-applied—Permits unknown messages to pass if the session is in NAT mode.permit-routed—Permit unknown messages on routed packets. Sessions in Transparent mode are treated as Route mode.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.