white-list (Security Screen)
Syntax
white-list name { address [address...]; }
Hierarchy Level
[edit logical-systems logical-system-name security screen],
[edit security screen],
[edit tenants tenant-name security screen],
[edit logical-systems logical-system-name security screen ids-option screen-name udp flood],
[edit security screen ids-option screen-name udp flood],
[edit tenants tenant-name security screen ids-option screen-name udp flood]
Description
Configure a list of IP addresses that are exempted from UDP flood detection during the UDP flood screen protection process. This list of exempted addresses is called an allowlist.
You can use this statement to configure an allowlist of IP addresses that bypass UDP flood detection.
Creating UDP flood screen allowlists with this statement is not supported on SRX5400, SRX5600, and SRX5800 devices.
Both IPv4 and IPv6 allowlists are supported. Addresses in an allowlist must be all IPv4 or all IPv6. In each allowlist, there can be up to 32 IP addresses.
Options
name—The name of the allowlist.
address address—The list of IP addresses. You can specify multiple addresses or address prefixes as a sequence of addresses separated by spaces and enclosed in square brackets. You can configure a single address or a subnet address.
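The following pre-commit check is an added example, not part of the Junos documentation. It validates a proposed allowlist against the limits stated above (up to 32 entries, all IPv4 or all IPv6) and flags entries already covered by a broader prefix. The `set` command form is derived from the [edit security screen] hierarchy level and the syntax on this page; the function names and the allowlist name `dns-resolvers` are assumptions.

```python
import ipaddress

MAX_ENTRIES = 32  # per-allowlist limit stated on this page


def validate_allowlist(entries):
    """Return (networks, errors) for a proposed list of addresses/prefixes."""
    networks, errors = [], []
    for raw in entries:
        try:
            # strict=False also accepts prefixes written with host bits set
            networks.append(ipaddress.ip_network(raw, strict=False))
        except ValueError:
            errors.append(f"not an IP address or prefix: {raw!r}")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    if len({n.version for n in networks}) > 1:
        errors.append("mixed IPv4 and IPv6 entries; use one allowlist per family")
    # Entries covered by another entry waste slots and hide the real scope.
    for i, a in enumerate(networks):
        for j, b in enumerate(networks):
            if i == j or a.version != b.version or not a.subnet_of(b):
                continue
            if a != b or i > j:  # report an exact duplicate only once
                errors.append(f"{a} is already covered by {b}")
    return networks, errors


def render_set_commands(name, entries):
    """Emit set commands for the [edit security screen] hierarchy level."""
    _, errors = validate_allowlist(entries)
    if errors:
        raise ValueError("; ".join(errors))
    return [f"set security screen white-list {name} address {e}" for e in entries]


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges).
    proposed = ["192.0.2.10", "198.51.100.0/24", "192.0.2.0/24", "2001:db8::53"]
    _, problems = validate_allowlist(proposed)
    for p in problems:
        print("reject:", p)
    for line in render_set_commands("dns-resolvers", ["192.0.2.10", "198.51.100.0/24"]):
        print(line)
```

Because every allowlisted source bypasses UDP flood detection, reviewing the rendered entries for unnecessarily broad prefixes before commit keeps the exemption as narrow as the use case allows.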
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.1.
Support for UDP flood screen allowlist introduced in Junos OS Release 17.4.
tenant option added in Junos OS Release 18.3R1.
Support for UDP and TCP flood screen allowlists added in Junos OS Release 20.3R1 for Next Gen Services on MX240, MX480 and MX960 routers.