Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

syn-ack-ack-proxy (IDS Screen Next Gen Services)

Syntax

Hierarchy Level

Description

Configure the maximum number of connections from an IP address that can be opened without being completed. Once this threshold has been reached, further connection requests are rejected. In the SYN-ACK-ACK attack, the session table can fill up, resulting in the device rejecting legitimate connection requests.

Options

threshold number

Maximum number of uncompleted connections from any single IP address.

  • Range: 1 through 250,000

  • Default: 512

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.3R2.

Related Documentation