See the following sections:
- screen {
-
-
ids-option screen-name {
-
- alarm-without-drop;
-
- icmp {
-
- flood {
- threshold number
;
- }
- fragment;
-
- ip-sweep {
- threshold number
;
- }
- large;
- ping-death;
- }
-
- ip {
- bad-option;
- block-frag;
- loose-source-route-option;
- record-route-option;
- security-option;
- source-route-option;
- spoofing;
- stream-option;
- strict-source-route-option;
- tear-drop;
- timestamp-option;
- unknown-protocol;
- }
-
- limit-session {
- destination-ip-based number
;
- source-ip-based number ;
- }
-
- tcp {
- fin-no-ack;
- land;
-
- port-scan {
- threshold number
;
- }
-
- syn-ack-ack-proxy {
- threshold number
;
- }
- syn-fin;
-
- syn-flood {
- alarm-threshold number
;
- attack-threshold number
;
- destination-threshold number
;
- source-threshold number
;
- timeout
seconds ;
- }
- syn-frag;
- tcp-no-flag;
- winnuke;
- }
-
- udp {
-
- flood {
- threshold number
;
- }
- }
- }
-
- traceoptions {
- file
filename <files number
> <match regular-expression >
- <size maximum-file-size
> <world-readable | no-world-readable>;
- flag
flag ;
- }
- }
- }
- [edit security]
Statement introduced in Release 8.5 of JUNOS software.
Configure security screen options.
This statement is supported on J-series and SRX-series devices.
screen-name —Name of the screen configured at security screen ids-options level.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
- screen
screen-name
;
- [edit security zones functional-zone management],
- [edit security zones security-zone
zone-name
]
Statement introduced in Release 8.5 of JUNOS software.
Specify a security screen for a security zone.
This statement is supported on J-series and SRX-series devices.
screen-name —Name of the screen.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.