Example: Allowing Unknown SCCP ALG Message Types

This example shows how to configure the SCCP ALG to allow unknown SCCP message types in both NAT mode and route mode.

• Requirements
• Overview
• Configuration
• Verification

Requirements

Before you begin, determine whether to accommodate new and unknown SCCP message types for the device. See Understanding SCCP ALG Unknown Message Types.

Overview

This feature enables you to specify how unidentified SCCP messages are handled by a Juniper Networks device. The default is to drop unknown (unsupported) messages because unknown messages can compromise security. However, in a secure test or production environment, this command can be useful for resolving interoperability issues with disparate vendor equipment.

Configuration

J-Web Quick Configuration

Step-by-Step Procedure

To configure the SCCP ALG to allow unknown message types:

1. Select Configure>Security>ALG.
2. Select the SCCP tab.
3. Select the Enable Permit NAT applied check box.
4. Select the Enable Permit routed check box.
5. Click OK to check your configuration and save it as a candidate configuration.
6. If you are done configuring the device, click Commit Options>Commit.

Step-by-Step Procedure

To configure the SCCP ALG to allow unknown message types:

1. Allow unknown message types to pass if the session is in either NAT mode or in route mode.
   [edit]user@host# set security alg sccp application-screen unknown-message permit-nat-applied permit-routed
2. If you are done configuring the device, commit the configuration.
   [edit]user@host# commit

Verification

To verify the configuration is working properly, enter the show security alg sccp command.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding SCCP ALG Unknown Message Types
• SCCP ALG Configuration Overview
• Verifying SCCP ALG Configurations