Classification of Deep Inspection Methods

The Deep Inspection (DI) option is only available on some security devices. DI is a mechanism for filtering permitted traffic. When you enable DI in a firewall rule, the device examines permitted traffic and takes action if the DI module in ScreenOS finds attack signatures or protocol anomalies.

Note: Deep inspection is only available on standalone devices. It cannot be used to disable attacks when the device is in a cluster.

The Juniper Networks Security team provides multiple DI signature packs for different security needs. Packs are covered by license keys. You must get a license key to enable a signature pack. Only one signature pack can exist for a given device.

Available signature packs are as follows:

Use the Deep Inspection configuration screens to modify the default settings defined in RFCs and RFC extensions for the following protocols listed in Table 43.

Note: You can also enable the validation of all TCP packets for TCP checksum by selecting Enable TCP Checksum.

Table 43: Deep Inspection: Supported Protocols

Deep Inspection: Supported Protocols

AIM

IDENT

NTP

SNMP/Trap

CHARGEN

IKE

POP3

SQL Mon

DHCP

IMAP

PortMapper

SSH

DISCARD

IRC

RADIUS

SSL

DNS

LDAP

Rexec

Syslog

ECHO

LPR

rlogin

TELNET

FINGER

MSN

SunRPC

TFTP

FTP

MSRPC

Rsh

VNC

GNUTELLA

MS-SQL

RTSP

WHOIS

GOPHER

NBNAME

Rusers

Yahoo Messenger

HTTP

NFS

SMB

 

ICMP

NNTOP

SMTP

 

For details on each protocol and its settings, refer to the di command in the NetScreen CLI Reference Guide.

For more information about DI, refer to the Concepts & Examples ScreenOS Reference Guide: Attack Detection and Defense Mechanisms.

Related Documentation