Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual page 145

Copyright © 2010, Juniper Networks, Inc.
malicious or accidental traffic of a particular type, you might want to disable the
associated ALG.
You can enable or disable the following ALG protocols:
H.323 —Three ALGs handle specific tasks for H.323 traffic. To disable H.323 on the
security device, you must disable the following ALGs:
H.245 —This ALG is a control signaling protocol used to exchange messages between
H.323 endpoints.
Q.931 —This ALG is a Layer 3 protocol used for Integrated Services Digital Network
(ISDN) call establishment, maintenance, and termination between H.323 endpoints.
RAS —The Registration, Admission, and Status (RAS) ALG is used to register, control
admission, change bandwidth, check status, and perform disengage procedures
between H.323 endpoints and gatekeepers.
MSRPC —The Microsoft Remote Procedure Call (MS-RPC) ALG enables a program
running on one host to call procedures in a program running on another host. Because
of the large number of RPC services and the need to broadcast, the transport address
of an RPC service is dynamically negotiated based on the service program's universal
unique identifier (UUID).
RTSP —The Real-Time Streaming Protocol (RTSP) controls delivery of one or more
synchronized streams of multimedia, such as audio and video.
SIP —The Session Initiation Protocol (SIP) is an Internet Engineering Task Force
(IETF)-standard protocol for initiating, modifying, and terminating multimedia sessions
(such as conferencing, telephony, or multimedia) over the Internet. SIP is used to
distribute the session description, to negotiate and modify the parameters of an existing
session, and to terminate a multimedia session.
SQL — The SQL ALG handles SQL, a relational database management system.
SUNRPC — The Sun Remote Procedure Call (SUNRPC) enables a program running on
one host to call procedures in a program running on another host. Because of the large
number of RPC services and the need to broadcast, the transport address of an RPC
service is dynamically negotiated based on the service's program number and version
number.
MGCP — The Media Gateway Control Protocol (MGCP) is supported on security devices
in Route, Transparent, and Network Address Translation (NAT) modes. MGCP is a
text-based Application Layer protocol used for call setup and control. MGCP is based
on a master-slave call control architecture. The media gateway controller (call agent)
maintains call control intelligence, while the media gateways carry out instructions
from the call agent.
PPTP — The Point-to-Point Tunneling Protocol (PPTP) provides IP security at the
Network Layer. PPTP consists of a control connection and a data tunnel. The control
connection runs over TCP and helps in establishing and disconnecting calls, and the
data tunnel handles encapsulated Point-to-Point Protocol (PPP) packets carried over
IP.
Chapter 4: Advanced Network Settings
121