Configuring NSGP Overview
NetScreen Gatekeeper Protocol (NSGP) is a Juniper Networks proprietary peer-to-peer protocol that enables a security device to act as a server for voice-over-IP (VoIP) traffic:
- NetScreen-500 security devices running ScreenOS 5.0 GPRS can be both the NSGP server and client.
- NetScreen-500 and NetScreen 5000 line security devices running ScreenOS 5.0 NSGP or 5.1 and later can only be an NSGP server.
Note: To use NSGP on a NetScreen-500 or NetScreen 5000 line device, you must first enable NSGP using a license key. For information about activating NSGP using a license key, see the Network and Security Administration Guide.
You can use NSGP to prevent overbilling attacks that can occur when using the GPRS tunneling protocol (GTP) for VoIP. By configuring one security device as an NSGP server and another security device as a GTP client, you can keep both server and client aware of the connection status. When a user initiates a call, the NSGP server and GTP client establish a session; when the user completes the call, the client notifies the server, prompting the server to close the session.
Configuring NSGP on a device does not automatically enable the device to handle GTP traffic—it enables the GTP client and NSGP server to close a session at the same time. To enable the GTP client to manage GPRS traffic, you must create a GTP object, and then add that object to the security policy installed on the device. For details on creating a GTP object and adding a GTP object to a security policy, see the Network and Security Manager Administration Guide.