Example: Disabling TCP Packet Security Checks for J Series Services Routers

This example shows how to disable TCP SYN checks and TCP sequence checks on all TCP sessions.

• Requirements
• Overview
• Configuration
• Verification

Requirements

Before you begin:

Review TCP packets and security checks. See JUNOS Software Feature Support Reference for SRX Series and J Series Devices.

Overview

JUNOS Software provides a mechanism to disable security checks on TCP packets to ensure interoperability with hosts and routers with faulty TCP implementations.

Configuration

Step-by-Step Procedure

To disable TCP SYN checks and TCP sequence checks on all TCP sessions:

1. Disable TCP SYN checks on all TCP sessions.
   
   

   [edit security flow]

   
   
   

   user@host# set tcp-session no-syn-check
2. Disable TCP sequence checks on all TCP sessions.
   
   

   [edit security flow]

   
   
   

   user@host# set tcp-session no-sequence-check
3. If you are done configuring the device, commit the configuration.
   
   

   [edit]

   
   
   

   user@host# commit

Verification

Verify the configuration is working properly by entering the show security flow command.

Related Topics

• JUNOS Software Feature Support Reference for SRX Series and J Series Devices
• Understanding Session Characteristics for J Series Services Routers
• Example: Controlling Session Termination for J Series Services Routers
• Example: Accommodating End-to-End TCP Communication for J Series Services Routers