- sensor-configuration {
-
- application-identification
{
- application-system-cache;
- application-system-cache-timeout value ;
- disable;
- max-packet-memory value ;
- max-sessions value ;
- max-tcp-session-packet-memory value ;
- max-udp-session-packet-memory value ;
- }
-
- detector {
-
- protocol-name protocol-name
{
-
- tunable-name tunable-name
{
- tunable-value protocol-value
;
- }
- }
- }
-
- flow {
- (allow-icmp-without-flow
| no-allow-icmp-without-flow);
- (log-errors | no-log-errors);
- max-timers-poll-ticks value ;
- reject-timeout value ;
- (reset-on-policy | no-reset-on-policy);
- }
-
- global {
- (enable-all-qmodules | no-enable-all-qmodules);
- (enable-packet-pool | no-enable-packet-pool);
- (policy-lookup-cache | no-policy-lookup-cache);
- }
-
- ips {
- detect-shellcode;
- ignore-regular-expression;
- log-supercede-min minimum-value
;
- pre-filter-shellcode;
- process-ignore-s2c;
- process-override;
- process-port port-number ;
- }
-
- log {
- cache-size size ;
-
- suppression {
- disable;
- include-destination-address;
- max-logs-operate value ;
- max-time-report value ;
- start-log value ;
- }
- }
-
- re-assembler {
- ignore-mem-overflow;
- max-flow-mem value ;
- max-packet-mem value ;
- }
-
- ssl-inspection {
- sessions number ;
- }
- }
- [edit security idp]
Statement introduced in Release 9.2 of JUNOS software.
Configure various IDP parameters to match the properties of transiting network traffic.
This statement is supported on SRX-series devices.
The remaining statements are explained separately.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.