Netscreen Attack Detection and Defense Overview

Below outlines Netcreens Attack Detection and Defense. This is by no means a full guide by acts as a general summary to the various terms and technologies.


Features legacy security protection, such as SYN, UDP and ICMP floods, Port scans and certain OS-specific DoS attacks.

Deep Inspection

Allows for inspection at the application layer for select protocols using stateful contexts. ScreenOS breaks down the protocol stream into inspectable fields. ScreenOS then uses DFA (Deterministic Finite Automation) to inspect these fields.
Deep Inspection allows for you to configure your Netscreen to automatically update your Deep Inspection signature set, along with write your own using FDA Regex.
A license is required to activate Deep Inspection and to add Deep Inspection to a policy just click the Deep Inspection icon within the policy to set the required settings. To create you own signiture go to “Objects | Attack | Custom”.

URL Filtering

This allows for the use of 3rd Parties URL filtering options such as either SurfControl or Websense. Surf control includes an option called integrated mode which allows you to store filtering profiles upon the firewall itself.


This allows for HTTP, FTP, SMTP, POP3 and IMAP protocols to be inspected for viruses with the activation of a license. To enable and configure AV go to “Screening | Antivirus | Global”.


Protocols such as FTP, H.323 and other dynamic channel protocols can cause problems when creating the necessary firewall policies, due to the way thy dynamically choose/assign ports. To overcome this a subset of ALG`s were created for these protocols, which allow them to inspect the traffic/packets at the application layer and in turn allows the traffic through based on how the protocols function.

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial