See the following sections:
- flow {
- (allow-icmp-without-flow
| no-allow-icmp-without-flow);
- (log-errors | no-log-errors);
- max-timers-poll-ticks value ;
- reject-timeout value ;
- (reset-on-policy | no-reset-on-policy);
- }
- [edit security idp sensor-configuration]
Statement introduced in Release 9.2 of JUNOS software.
Configure the IDP engine to manage the packet flow.
This statement is supported on SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- flow {
-
- aging {
- early-ageout seconds ;
- high-watermark percent ;
- low-watermark percent ;
- }
- allow-dns-reply;
- route-change-timeout seconds ;
- syn-flood-protection-mode
(syn-cookie | syn-proxy);
-
- tcp-mss {
-
- all-tcp {
- mss
value ;
- }
-
- gre-in {
- mss
value ;
- }
-
- gre-out {
- mss
value ;
- }
-
- ipsec-vpn {
- mss
value ;
- }
- }
-
- tcp-session {
- no-sequence-check;
- no-syn-check;
- no-syn-check-in-tunnel;
- rst-invalidate-session;
- rst-sequence-check;
- tcp-initial-timeout seconds
;
- }
-
- traceoptions {
- file
filename <files number > <size maximum-file-size >;
- <world-readable | no-world-readable>;
- flag
flag;
- }
- }
- [edit security]
Statement introduced in Release 8.5 of JUNOS software.
Determine how the device manages packet flow. The device can regulate packet flow in the following ways:
This statement is supported on J-series and SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.