Classification Of Deep Inspection Methods - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SCREENOS DEVICES GUIDE REV 01 Manual

Related
Documentation

Classification of Deep Inspection Methods

Table 43: Deep Inspection: Supported Protocols
Deep Inspection: Supported Protocols
AIM
CHARGEN
DHCP
DISCARD
DNS
Copyright © 2010, Juniper Networks, Inc.
Classification of Deep Inspection Methods on page 183
Attack Object Database Overview on page 184
Internal Antivirus HTTP Webmail Settings Overview on page 181
The Deep Inspection (DI) option is only available on some security devices. DI is a
mechanism for filtering permitted traffic. When you enable DI in a firewall rule, the device
examines permitted traffic and takes action if the DI module in ScreenOS finds attack
signatures or protocol anomalies.
NOTE: Deep inspection is only available on standalone devices. It cannot be
used to disable attacks when the device is in a cluster.
The Juniper Networks Security team provides multiple DI signature packs for different
security needs. Packs are covered by license keys. You must get a license key to enable
a signature pack. Only one signature pack can exist for a given device.
Available signature packs are as follows:
Server Protection Pack
Client Protection Pack
Worm Mitigation Pack
Baseline (Default) Pack
Use the Deep Inspection configuration screens to modify the default settings defined in
RFCs and RFC extensions for the following protocols listed in Table 43 on page 183.
NOTE: You can also enable the validation of all TCP packets for TCP
checksum by selecting Enable TCP Checksum.
IDENT
IKE
IMAP
IRC
LDAP
NTP
POP3
PortMapper
RADIUS
Rexec
Chapter 6: Security
SNMP/Trap
SQL Mon
SSH
SSL
Syslog
183