See the following sections:
- deny;
- [edit security policies
from-zone zone-name to-zone zone-name policy policy-name then]
Statement introduced in Release 8.5 of JUNOS software.
Block the service at the firewall. The device drops the packets.
This statement is supported on J-series and SRX-series devices.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- deny {
- all | destination-ip address ;
- timeout
seconds ;
- }
- [edit security alg sip application-screen
protect]
Statement introduced in Release 8.5 of JUNOS software.
Protect servers against INVITE attacks.
This statement is supported on J-series devices.
all—Configure the Session Initiation Protocol (SIP) application screen to protect servers at all destination IP addresses against INVITE attacks.
destination-ip address —Configure the SIP application screen to protect the server at this destination IP address against INVITE attacks. You can include up to 16 destination IP addresses of servers to be protected. Enabling this option disables the all option.
timeout seconds —Amount of time (in seconds ) to make an attack table entry for each INVITE, which is listed in the application screen.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.