Classification of Deep Inspection Methods
The Deep Inspection (DI) option is only available on some security devices. DI is a mechanism for filtering permitted traffic. When you enable DI in a firewall rule, the device examines permitted traffic and takes action if the DI module in ScreenOS finds attack signatures or protocol anomalies.
 |
Note: Deep inspection is only available on standalone devices. It cannot be used to disable attacks when the device is in a cluster. |
The Juniper Networks Security team provides multiple DI signature packs for different security needs. Packs are covered by license keys. You must get a license key to enable a signature pack. Only one signature pack can exist for a given device.
Available signature packs are as follows:
- Server Protection Pack
- Client Protection Pack
- Worm Mitigation Pack
- Baseline (Default) Pack
Use the Deep Inspection configuration screens to modify the default settings defined in RFCs and RFC extensions for the following protocols listed in Table 1.
|
Note: You can also enable the validation of all TCP packets for TCP checksum by selecting Enable TCP Checksum. |
Table 1: Deep Inspection: Supported Protocols
For details on each protocol and its settings, refer to the di command in the NetScreen CLI Reference Guide.
For more information about DI, refer to the Concepts & Examples ScreenOS Reference Guide: Attack Detection and Defense Mechanisms.
