With strict SYN checking enabled, the Juniper Networks device enables the strict three-way handshake check for the TCP session. It enhances security by dropping data packets before the three-way handshake is done. By default, strict-syn-check is disabled.
Before You Begin |
---|
For background information, read Understanding Attacker Evasion Techniques. |
You can use either J-Web or the CLI configuration editor to configure strict SYN checking. TCP strict SYN checking is disabled by default.
![]() |
Note: strict-syn-check cannot be enabled if no-syn-check or no-syn-check-in-tunnel is enabled. |
This topic covers:
To enable strict SYN checking: