unknown-message (Security H323 ALG)
Syntax
unknown-message {
    permit-nat-applied;
    permit-routed;
}
Hierarchy Level
[edit logical-systems name security alg h323 application-screen]
[edit logical-systems name tenants name security alg h323 application-screen]
[edit security alg h323 application-screen]
[edit services alg h323 application-screen]
[edit tenants name security alg h323 application-screen]
Description
Specify how the SRX Series Firewall handles unidentified H.323 messages. By default, the SRX Series Firewall drops unknown messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement is useful for resolving interoperability issues with disparate vendor equipment. By permitting unknown (unsupported) H.323 messages, you can get your network operational. Later, you can analyze your VoIP traffic to determine why the device dropped the messages.
This statement applies only to received packets identified as supported VoIP packets. The SRX Series Firewall always drops unidentified packets and passes identified packets without processing.
Options
permit-nat-applied—Permits unknown messages to pass if the session is in NAT mode.
permit-routed—Permits unknown messages on routed packets. Sessions in Transparent mode are treated as Route mode.
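Because the default is to drop unknown messages, any occurrence of this statement is worth finding in a configuration review. The following is an added example, not from the original page or from Juniper: a Python check that scans set-format output (show configuration | display set) for the statement at the hierarchy levels listed above and reports whether each occurrence is active. The sample configuration, the names LS1, T1 and srx-lab, and the function name are constructed for illustration.

```python
import re

# Matches the statement under [security|services] alg h323 application-screen,
# optionally nested in a logical system and/or tenant (deliberately permissive).
PATTERN = re.compile(
    r"^set (?P<scope>(?:logical-systems \S+ )?(?:tenants \S+ )?)"
    r"(?P<hierarchy>security|services) alg h323 application-screen "
    r"unknown-message (?P<option>permit-nat-applied|permit-routed)$"
)

# Constructed sample input in "display set" form (not from a real device).
SAMPLE_CONFIG = """\
set system host-name srx-lab
set security alg h323 application-screen unknown-message permit-nat-applied
set logical-systems LS1 security alg h323 application-screen unknown-message permit-routed
set tenants T1 security alg h323 application-screen unknown-message permit-routed
deactivate tenants T1 security alg h323
"""

def audit_unknown_message(config_text):
    """Return one finding per unknown-message permit option in the config."""
    matches, deactivated = [], []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if len(tokens) < 2:
            continue
        if tokens[0] == "deactivate":
            deactivated.append(tokens[1:])      # path that is marked inactive
        elif tokens[0] == "set":
            m = PATTERN.match(" ".join(tokens))  # join normalizes whitespace
            if m:
                matches.append((tokens[1:], m))
    findings = []
    for path, m in matches:
        # Inactive if this statement or any parent hierarchy is deactivated.
        inactive = any(path[:len(d)] == d for d in deactivated)
        findings.append({
            "scope": m.group("scope").strip() or "(root system)",
            "hierarchy": m.group("hierarchy"),
            "option": m.group("option"),
            "active": not inactive,
        })
    return findings

if __name__ == "__main__":
    for f in audit_unknown_message(SAMPLE_CONFIG):
        state = "ACTIVE" if f["active"] else "inactive"
        print(f"{state:8} {f['scope']:22} {f['hierarchy']:9} {f['option']}")
```

Active findings are the ones to review against the reason the exception was added; inactive ones are still present in the configuration and take effect if the parent hierarchy is reactivated.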
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.