Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


unknown-message (Security SCCP ALG)


Hierarchy Level


Specify how SRX Series Firewall handles unidentified Skinny Client Control Protocol (SCCP) messages. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement is useful to resolve interoperability issues with disparate vendor equipment. You can permit unknown MGCP (unsupported) messages to get your network operational. Later, you can analyze your VoIP traffic to determine why some messages were dropped.

This statement applies only to received packets identified as supported VoIP packets. Unidentified packets are always dropped. If a packet is identified as a supported protocol, SRX Series Firewall forwards the message without processing.


  • permit-nat-applied—Permits unknown messages to pass if the session is in NAT mode.

  • permit-routed—Permit unknown messages on routed packets. Sessions in Transparent mode are treated as Route mode.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.