action

Syntax

Hierarchy Level

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Specify the actions you want IDP to take when the monitored traffic matches the attack objects specified in the rules.

This statement is supported on SRX-series devices.

Options

• close-client—Closes the connection and sends an RST packet to the client but not to the server.
• close-client-and-server—Closes the connection and sends an RST packet to both the client and the server.
• close-server—Closes the connection and sends an RST packet to the server but not to the client.
• drop-connection—Drops all packets associated with the connection, preventing traffic for the connection from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
• drop-packet—Drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source-IP address.
• ignore-connection—Stops scanning traffic for the rest of the connection if an attack match is found. IDP disables the rulebase for the specific connection.
• mark-diffserv value —Assigns the indicated service-differentiation value to the packet in an attack, then passes them on normally.
• no-action—No action is taken. Use this action when you want to only generate logs for some traffic.
• recommended—All predefined attack objects have a default action associated with them. This is the action that Juniper Networks recommends when that attack is detected.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.