reject (Security)
Syntax
reject {
    profile redirect-profile-name;
    ssl-proxy {
        profile-name ssl-proxy-profile-name;
    }
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then]
Description
Block the service at the firewall.
The device drops the packet and sends a TCP reset (RST) segment to
the source host for TCP traffic and an ICMP “destination unreachable,
port unreachable” message (type 3, code 3) for UDP traffic.
For types of traffic other than TCP and UDP, the device drops the
packet without notifying the source host, which is also what occurs
when the action is deny.
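Added example, not part of the original documentation: a Python check that a test client can run over a captured reply to confirm which of the behaviours described above a policy produced. The function names, result labels and sample packets are constructed for illustration.

```python
from __future__ import annotations
import struct

TCP, UDP, ICMP = 6, 17, 1  # IP protocol numbers

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + payload

def split_ipv4(packet: bytes) -> tuple[int, bytes]:
    """Return (protocol, payload); raise ValueError on a malformed header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    return packet[9], packet[ihl:]

def classify_reply(probe_proto: int, reply: bytes | None) -> str:
    """Map the reply to a test probe onto the reject behaviour described above."""
    if reply is None:  # timeout: deny, or reject for traffic other than TCP/UDP
        return "silent-drop"
    proto, body = split_ipv4(reply)
    if probe_proto == TCP and proto == TCP and len(body) >= 14:
        return "reject-tcp-rst" if body[13] & 0x04 else "not-rejected"
    if probe_proto == UDP and proto == ICMP and len(body) >= 8 and body[:2] == b"\x03\x03":
        # A type 3, code 3 error quotes the offending IP header after 8 ICMP bytes.
        quoted_proto, _ = split_ipv4(body[8:])
        if quoted_proto == UDP:
            return "reject-icmp-port-unreachable"
    return "not-rejected"

# Constructed sample replies, as a test client behind the policy would capture them.
RST_REPLY = ipv4(TCP, struct.pack("!HHIIBBHHH", 443, 40000, 0, 1, 0x50, 0x14, 0, 0, 0))
SYNACK_REPLY = ipv4(TCP, struct.pack("!HHIIBBHHH", 443, 40000, 7, 1, 0x50, 0x12, 8192, 0, 0))
QUOTED_PROBE = ipv4(UDP, struct.pack("!HHHH", 40000, 53, 8, 0))
UNREACH_REPLY = ipv4(ICMP, struct.pack("!BBHI", 3, 3, 0, 0) + QUOTED_PROBE)

if __name__ == "__main__":
    print(classify_reply(TCP, RST_REPLY), classify_reply(UDP, UNREACH_REPLY),
          classify_reply(UDP, None))
```

A "silent-drop" result cannot by itself distinguish deny from reject, because both drop traffic other than TCP and UDP without notifying the source host.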
You can configure the reject action with one of the following options for dynamic applications:
profile - You can choose to notify clients, or redirect the client request to an informative Web page, when a policy blocks HTTP or HTTPS traffic with a deny or reject action. To apply a profile, you must define the redirect profile for the dynamic applications.
ssl-proxy - You can apply a redirect SSL proxy profile when a policy blocks HTTPS traffic with a reject action. When you apply an SSL proxy profile, SSL proxy decrypts the traffic and the application identification functionality identifies the application. The device can then redirect or drop the traffic as configured.
Options
profile - Profile for redirecting HTTP/HTTPS traffic.
ssl-proxy - SSL proxy profile for decrypting HTTPS traffic.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Starting in Junos OS Release 19.2, the profile and ssl-proxy options are added.