deny (Security SIP)
Syntax
deny {
all {
timeout value-in-seconds;
}
destination-ip address;
timeout value-in-seconds;
}
Hierarchy Level
[edit logical-systems name security alg sip application-screen protect], [edit logical-systems name tenants name security alg sip application-screen protect], [edit security alg sip application-screen protect], [edit services alg sip application-screen protect], [edit tenants name security alg sip application-screen protect]
Description
Protect servers against INVITE attacks.
Options
all—Configure the Session Initiation Protocol (SIP) application screen to protect servers at all destination IP addresses against INVITE attacks.destination-ipaddress—Configure the SIP application screen to protect the server at this destination IP address against INVITE attacks. You can include up to 16 destination IP addresses of servers to be protected. Enabling this option disables the all option.timeoutvalue-in-seconds—Amount of time (inseconds) to make an attack table entry for each INVITE, which is listed in the application screen.
Range: 1 through 3600 seconds
Default: 5 seconds
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.