Classification of Deep Inspection Methods
The Deep Inspection (DI) option is only available on some security devices. DI is a mechanism for filtering permitted traffic. When you enable DI in a firewall rule, the device examines permitted traffic and takes action if the DI module in ScreenOS finds attack signatures or protocol anomalies.
Deep inspection is only available on standalone devices. It cannot be used to disable attacks when the device is in a cluster.
The Juniper Networks Security team provides multiple DI signature packs for different security needs. Packs are covered by license keys. You must get a license key to enable a signature pack. Only one signature pack can exist for a given device.
Available signature packs are as follows:

- Server Protection Pack
- Client Protection Pack
- Worm Mitigation Pack
- Baseline (Default) Pack
Use the Deep Inspection configuration screens to modify the default settings, defined in RFCs and RFC extensions, for the protocols listed in Table 1.
You can also enable the validation of all TCP packets for TCP checksum by selecting Enable TCP Checksum.
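The following is an added example, not code from the ScreenOS documentation or product: it shows what the Enable TCP Checksum option checks, by computing and validating the RFC 793 TCP checksum (pseudo-header plus segment) over a constructed packet. The addresses, ports and payload are sample values made up for the example.

```python
import struct

SRC_IP = bytes([10, 0, 0, 1])   # constructed sample source address
DST_IP = bytes([10, 0, 0, 2])   # constructed sample destination address


def ones_complement_sum(data: bytes) -> int:
    # Sum 16-bit big-endian words with end-around carry (RFC 1071).
    if len(data) % 2:
        data += b"\x00"  # odd-length data is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: bytes, dst_ip: bytes, tcp_segment: bytes) -> int:
    # RFC 793: the checksum covers a pseudo-header (src, dst, zero, protocol 6,
    # TCP length) plus header and payload, with the checksum field taken as zero.
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(tcp_segment))
    zeroed = tcp_segment[:16] + b"\x00\x00" + tcp_segment[18:]
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF


def tcp_checksum_valid(src_ip: bytes, dst_ip: bytes, tcp_segment: bytes) -> bool:
    # Summing the segment as received (checksum field included) yields all ones
    # for an intact segment; anything else means the receiving host would
    # discard it, so an inspection engine can discard it too.
    if len(tcp_segment) < 20:
        return False
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(tcp_segment))
    return ones_complement_sum(pseudo + tcp_segment) == 0xFFFF


def build_segment(payload: bytes, checksum: int = 0) -> bytes:
    # Minimal 20-byte TCP header: ports, seq, ack, data offset, flags (PSH|ACK),
    # window, checksum, urgent pointer, followed by the payload.
    header = struct.pack("!HHIIBBHHH", 12345, 80, 1, 0, 5 << 4, 0x18, 65535, checksum, 0)
    return header + payload


def sample_segment() -> bytes:
    payload = b"GET / HTTP/1.0\r\n\r\n"  # constructed sample payload
    return build_segment(payload, tcp_checksum(SRC_IP, DST_IP, build_segment(payload)))


def corrupted_segment() -> bytes:
    seg = bytearray(sample_segment())
    seg[-1] ^= 0x01  # flip one payload bit; the stored checksum no longer matches
    return bytes(seg)
```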
Table 1: Deep Inspection: Supported Protocols

| Deep Inspection: Supported Protocols | | | |
|---|---|---|---|
| AIM | IDENT | NTP | SNMP/Trap |
| CHARGEN | IKE | POP3 | SQL Mon |
| DHCP | IMAP | PortMapper | SSH |
| DISCARD | IRC | RADIUS | SSL |
| DNS | LDAP | Rexec | Syslog |
| ECHO | LPR | rlogin | TELNET |
| FINGER | MSN | SunRPC | TFTP |
| FTP | MSRPC | Rsh | VNC |
| GNUTELLA | MS-SQL | RTSP | WHOIS |
| GOPHER | NBNAME | Rusers | Yahoo Messenger |
| HTTP | NFS | SMB | |
| ICMP | NNTP | SMTP | |
For details on each protocol and its settings, refer to the di command in the NetScreen CLI Reference Guide.
For more information about DI, refer to the Concepts & Examples ScreenOS Reference Guide: Attack Detection and Defense Mechanisms.