Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

security-service (Security Forwarding Options)

Syntax

Hierarchy Level

Description

The system resource management guarantees the resources are used according to priorities. the fail-open/fail-close impacts the new session creation only when the system resource is busy.

  • If system resource is not busy, fail-open/fail-close won't take effect. No impact to traffic.

  • If system resource is busy and the new session need not be created with Layer 7 services that require the system resource, then no impact to traffic.

  • . If system resource is busy, and the new session needs be created with Layer 7 services that require the system resource:

    • Fail-close (default), drops the packet and won't create the session

    • Fail-open, creates a flow session without the Layer 7 services that require the resource, and forward the packet out.

Options

  • fail-open—Ignores Layer 7 services with resource requirements, creates a flow session without Layer 7 services, and forward the packet out.

Required Privilege Level

security—To view this in the configuration.

security-control—To add this to the configuration.

Release Information

Support on SRX Series Firewalls for flow based security-service in Junos OS Release 20.4R1.

Related Documentation