Setting Strict SYN Checking

With strict SYN checking enabled, the Juniper Networks device enforces a strict three-way handshake check for the TCP session. This enhances security by dropping data packets that arrive before the three-way handshake is complete. By default, strict-syn-check is disabled.

Before You Begin

For background information, read Understanding Attacker Evasion Techniques.

You can use either J-Web or the CLI configuration editor to configure strict SYN checking. TCP strict SYN checking is disabled by default.

Note: strict-syn-check cannot be enabled if no-syn-check or no-syn-check-in-tunnel is enabled.

J-Web Configuration

To enable strict SYN checking:

  1. Select Configure>CLI Tools>Point and Click CLI.
  2. Next to Security, click Configure or Edit.
  3. Next to flow, click Configure.
  4. Next to Tcp session, click Configure.
  5. Next to Strict syn check, select the check box and click OK.
  6. To save and commit the configuration, click Commit.

CLI Configuration

user@host# set security flow tcp-session strict-syn-check
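
The following Python check is an added example, not part of Juniper's documentation. It reads set-format configuration text (assumed to be the output of show configuration | display set, where deactivate lines mark inactive statements) and reports whether strict-syn-check is active and whether either statement named in the note above conflicts with it. The function names and the sample configuration are constructed for illustration, and only the top-level security flow tcp-session hierarchy is examined.

```python
TCP_SESSION = ["security", "flow", "tcp-session"]
# Statements the note above says cannot coexist with strict-syn-check.
CONFLICTS = ("no-syn-check", "no-syn-check-in-tunnel")

# Constructed sample input, not taken from a real device.
SAMPLE = """\
set system host-name host
set security flow tcp-session no-syn-check-in-tunnel
set security flow tcp-session strict-syn-check
deactivate security flow tcp-session no-syn-check-in-tunnel
"""


def active_tcp_session_options(display_set_text):
    """Return the active option names under 'security flow tcp-session'."""
    present, inactive, subtree_off = set(), set(), False
    for raw in display_set_text.splitlines():
        words = raw.split()
        if len(words) < 2 or words[0] not in ("set", "deactivate"):
            continue
        path = words[1:]
        if words[0] == "deactivate" and path == TCP_SESSION[:len(path)]:
            subtree_off = True  # a parent hierarchy is inactive as a whole
        elif path[:3] == TCP_SESSION and len(path) > 3:
            (present if words[0] == "set" else inactive).add(path[3])
    return set() if subtree_off else present - inactive


def audit_strict_syn_check(display_set_text):
    """Return (state, conflicting_statements) for the given configuration.

    state is 'enabled', 'disabled' or 'conflict'. When state is 'disabled',
    the list names the statements that must be removed before
    strict-syn-check can be enabled.
    """
    opts = active_tcp_session_options(display_set_text)
    conflicts = sorted(o for o in CONFLICTS if o in opts)
    if "strict-syn-check" not in opts:
        return "disabled", conflicts
    return ("conflict", conflicts) if conflicts else ("enabled", [])


if __name__ == "__main__":
    print(audit_strict_syn_check(SAMPLE))
```

Running the check against a candidate or templated configuration before it is loaded shows a conflicting statement ahead of the commit.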
