[ScreenOS] How to disable the protocol decoder for particular protocols on ISG-IDP


Article ID: KB21574 KB Last Updated: 04 Mar 2017 Version: 2.0
Summary:
This article describes the process for disabling protocols from being decoded on the ISG-IDP.
Symptoms:
For troubleshooting purposes, typically while working a case with JTAC, an ISG-IDP administrator may need to disable the protocol detector from decoding certain protocols. A protocol that is not decoded skips the inspection process and also does not run through the decoder at all. This matters because a detector can leak memory even when it only decodes a protocol and that protocol is not inspected by IDP.

This article shows how to list, disable, and re-enable protocol decoding for a supported protocol.
Solution:
Run these commands on each SM. First, list the enabled and disabled decoder services with the following command:
exec sm # "scio const -d detector2.s0 list

0055-test-fw-01(I)-> For cpu 0
Enabled Decoder of Services:
AIM BGP CHARGEN DHCP DISCARD DNS
ECHO FINGER FTP GNUTELLA GOPHER H225RAS
H225SGN HTTP ICMP IDENT IEC104 IKE
IMAP IRC LDAP LPR MGCP MODBUS
MSN MSRPC MSSQL MYSQL NBDS NBNAME
NFS NNTP NTP POP3 PORTMAPPER RADIUS
REXEC RLOGIN RPC RSH RTP RTPVIDEO
RTSP RUSERS SIP SMB SMTP SNMP
SNMPTRAP SQLMON SSH SSL SYSLOG TELNET
TFTP TNS UNSPECIFIED VNC WHOIS YMSG

Disabled Decoder of Services:

For CPU 1:
Enabled Decoder of Services:
AIM BGP CHARGEN DHCP DISCARD DNS
ECHO FINGER FTP GNUTELLA GOPHER H225RAS
H225SGN HTTP ICMP IDENT IEC104 IKE
IMAP IRC LDAP LPR MGCP MODBUS
MSN MSRPC MSSQL MYSQL NBDS NBNAME
NFS NNTP NTP POP3 PORTMAPPER RADIUS
REXEC RLOGIN RPC RSH RTP RTPVIDEO
RTSP RUSERS SIP SMB SMTP SNMP
SNMPTRAP SQLMON SSH SSL SYSLOG TELNET
TFTP TNS UNSPECIFIED VNC WHOIS YMSG
Disabled Decoder of Services:

Then disable a protocol with the following command (IMAP is used as an example):

-> exec sm # "scio const -d detector2.s0 set IMAP 0

For CPU 0
scio: setting IMAP to 0x0
For CPU 1
scio: setting IMAP to 0x0

Then verify that it is disabled by running the first command again:

-> exec sm # "scio const -d detector2.s0 list

For CPU 0:
Enabled Decoder of Services:
AIM BGP CHARGEN DHCP DISCARD DNS
ECHO FINGER FTP GNUTELLA GOPHER H225RAS
H225SGN HTTP ICMP IDENT IEC104 IKE
IRC LDAP LPR MGCP MODBUS MSN
MSRPC MSSQL MYSQL NBDS NBNAME NFS
NNTP NTP POP3 PORTMAPPER RADIUS REXEC
RLOGIN RPC RSH RTP RTPVIDEO RTSP
RUSERS SIP SMB SMTP SNMP SNMPTRAP
SQLMON SSH SSL SYSLOG TELNET TFTP
TNS UNSPECIFIED VNC WHOIS YMSG
Disabled Decoder of Services:
IMAP
For CPU 1:
Enabled Decoder of Services:
AIM BGP CHARGEN DHCP DISCARD DNS
ECHO FINGER FTP GNUTELLA GOPHER H225RAS
H225SGN HTTP ICMP IDENT IEC104 IKE
IRC LDAP LPR MGCP MODBUS MSN
MSRPC MSSQL MYSQL NBDS NBNAME NFS
NNTP NTP POP3 PORTMAPPER RADIUS REXEC
RLOGIN RPC RSH RTP RTPVIDEO RTSP
RUSERS SIP SMB SMTP SNMP SNMPTRAP
SQLMON SSH SSL SYSLOG TELNET TFTP
TNS UNSPECIFIED VNC WHOIS YMSG
Disabled Decoder of Services:
IMAP

To re-enable IMAP, run the second command with the value 1 instead of 0:
-> exec sm # "scio const -d detector2.s0 set IMAP 1
For CPU 0
scio: setting IMAP to 0x1
For CPU 1
scio: setting IMAP to 0x1

This setting does not persist across reboots. If the SM or ISG is rebooted, the command must be run again to disable (or re-enable) the decoder.
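
Because a disabled decoder means that protocol skips inspection, and the setting is per CPU and lost on reboot, it is worth checking saved `list` output after each change. The following is an added example, not part of the original article or a Juniper tool: it parses that output and reports decoders that are disabled unexpectedly or differ between CPUs. The helper names `parse_decoder_list` and `audit`, the `expected_disabled` parameter, and the sample text are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the list output above (shortened; CPU 1 still has IMAP enabled).
SAMPLE = """\
For CPU 0:
Enabled Decoder of Services:
AIM BGP DNS FTP HTTP SMTP
Disabled Decoder of Services:
IMAP
For CPU 1:
Enabled Decoder of Services:
AIM BGP DNS FTP HTTP IMAP SMTP
Disabled Decoder of Services:
"""

# parse_decoder_list and audit are hypothetical helper names, not Juniper commands.
CPU_RE = re.compile(r"For cpu (\d+):?\s*$", re.IGNORECASE)
SECTION_RE = re.compile(r"^(Enabled|Disabled) Decoder of Services:\s*$")

def parse_decoder_list(text):
    """Return {cpu: {"enabled": set, "disabled": set}} from list output."""
    state, cpu, section = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = CPU_RE.search(line)  # search: a CLI prompt may precede the header
        if m:
            cpu, section = int(m.group(1)), None
            state[cpu] = {"enabled": set(), "disabled": set()}
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        if line and cpu is not None and section:
            state[cpu][section].update(line.split())
    return state

def audit(text, expected_disabled=frozenset()):
    """List findings: decoders disabled unexpectedly, or CPUs that disagree."""
    state = parse_decoder_list(text)
    findings = []
    for cpu, s in sorted(state.items()):
        for svc in sorted(s["disabled"] - set(expected_disabled)):
            findings.append(f"CPU {cpu}: {svc} decoder is disabled (traffic not inspected)")
        for svc in sorted(set(expected_disabled) - s["disabled"]):
            findings.append(f"CPU {cpu}: {svc} expected disabled but is enabled")
    if len({frozenset(s["disabled"]) for s in state.values()}) > 1:
        findings.append("CPUs disagree on which decoders are disabled")
    return findings
```

Call `audit(output)` with no second argument once troubleshooting is finished to confirm that every decoder is enabled again on every CPU.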