unknown-message (Security SIP ALG)
Syntax
unknown-message {
permit-nat-applied;
permit-routed;
}
Hierarchy Level
[edit logical-systems name security alg sip (Security) application-screen (Security SIP)], [edit logical-systems name tenants name security alg sip (Security) application-screen (Security SIP)], [edit security alg sip (Security) application-screen (Security SIP)], [edit services alg sip (Security) application-screen (Security SIP)], [edit tenants name security alg sip (Security) application-screen (Security SIP)]
Description
Specify how SRX Series Firewall handles unidentified Session Initiation Protocol (SIP) messages. The default is to drop unknown (unsupported) messages. Permitting unknown messages can compromise security and is not recommended. However, in a secure test or production environment, this statement is useful for resolving interoperability issues with disparate vendor equipment. You can permit unknown SIP (unsupported) messages to get your network operational. Later, you can analyze your VoIP traffic to determine why some messages were dropped.
This statement applies only to received packets identified as supported VoIP packets. If a packet cannot be identified, it is always dropped. If a packet is identified as a supported protocol, the message is forwarded without processing.
Options
permit-nat-applied—Permits unknown messages to pass if the session is in NAT mode.permit-routed—Permit unknown messages on routed packets. Sessions in Transparent mode are treated as Route mode.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.