[j-nsp] SRX3400: DNS ALG on 10.2R1
Rob Cameron
rcameron at juniper.net
Thu Aug 26 12:48:20 EDT 2010
Juniper is looking to disable ALGs in the future. The challenge is they can work in the right scenarios but that every possible scenario. Because of this on the data center/high end SRX devices ALGs will be disabled by default. On the branch devices most of the ALGs will be left on by default. The idea is that the branch devices are more likely to have needs to use ALGs than the larger boxes.
Rob Cameron
Technical Marketing Engineer - HSS
robc at juniper.net
www.juniper.net
On Aug 12, 2010, at 5:22 PM, Mark Kamichoff wrote:
On Thu, Aug 12, 2010 at 04:01:47PM -0700, Quoc Hoang wrote:
> IMHO, ALGS should be disabled by default.
>From what I've seen, Juniper started disabling over half of the ALGs in
recent ScreenOS releases (probably the ones that JTAC has indicated
cause more problems than they solve).
I'm a little surprised they haven't done the same with the SRXes. A
default install on my 210 w/10.2R2.11 shows all ALGs enabled except
IKE-ESP, strangely enough.
- Mark
--
Mark Kamichoff
prox at prolixium.com
http://www.prolixium.com/
<signature.asc><ATT00001..txt>
More information about the juniper-nsp
mailing list