tcp-non-syn

Syntax

Hierarchy Level

Description

Specify how the first non-SYN TCP packet is processed on services PICs. When a services PIC receives the first non-SYN TCP packet for processing, the packet is dropped.

Options

drop-flow

When a services PIC receives the first non-SYN TCP packet for processing, the packet is dropped.

A drop flow created on the services PIC ensures that subsequent non-SYN TCP packets with the same 5-tuple information (source and destination addresses, protocol, and source and destination ports) are dropped. If this statement is not configured, a session is created when a packet hits the services set and matches the stateful firewall rule even if the packet is a non-SYN packet.

drop-flow-send-rst

When a services PIC receives the first non-SYN TCP packet for processing, the packet is dropped and a reset packet is sent to the originator to ensure that no further packets are generated.

A drop flow created on the services PIC ensures that subsequent non-SYN TCP packets with the same 5-tuple information (source and destination addresses, protocol, and source and destination ports) are dropped. If this statement is not configured, a session is created when a packet hits the services set and matches the stateful firewall rule even if the packet is a non-SYN packet.
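The following Python model is an added illustration, not Junos code or part of the original documentation. It replays constructed traffic through the three cases described above: statement not configured, drop-flow, and drop-flow-send-rst. The class and function names are hypothetical, every packet is assumed to match a stateful firewall rule, and sending the reset only for the first non-SYN packet is an assumption of the model.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool        # True if the TCP SYN flag is set
    proto: int = 6   # TCP

    @property
    def five_tuple(self):
        return (self.src, self.dst, self.proto, self.sport, self.dport)

@dataclass
class ServicesPicModel:
    """Toy model of the documented behaviour (hypothetical, not Junos code)."""
    mode: Optional[str] = None  # None, "drop-flow" or "drop-flow-send-rst"
    sessions: set = field(default_factory=set)
    drop_flows: set = field(default_factory=set)

    def process(self, pkt):
        key = pkt.five_tuple
        if key in self.sessions:
            return "forward"                 # established session
        if not pkt.syn and key in self.drop_flows:
            return "drop"                    # subsequent non-SYN, same 5-tuple
        if pkt.syn or self.mode is None:
            # Assumption: the packet matches a stateful firewall rule.
            # Without tcp-non-syn, even a non-SYN packet creates a session.
            self.sessions.add(key)
            return "session-created"
        self.drop_flows.add(key)             # first non-SYN packet: install drop flow
        # Assumption: the reset is sent only for this first packet.
        return "drop+rst" if self.mode == "drop-flow-send-rst" else "drop"

def run(mode, packets):
    pic = ServicesPicModel(mode)
    return [pic.process(p) for p in packets]

# Constructed traffic: a stray mid-stream ACK seen twice, then a proper
# SYN followed by an ACK on a different source port.
STRAY_ACK = Packet("198.51.100.7", "192.0.2.10", 40000, 443, syn=False)
NEW_SYN = Packet("198.51.100.7", "192.0.2.10", 40001, 443, syn=True)
NEW_ACK = Packet("198.51.100.7", "192.0.2.10", 40001, 443, syn=False)
TRAFFIC = [STRAY_ACK, STRAY_ACK, NEW_SYN, NEW_ACK]

if __name__ == "__main__":
    for mode in (None, "drop-flow", "drop-flow-send-rst"):
        print(mode, run(mode, TRAFFIC))
```

With the statement unset, the stray ACK creates a session and its repeat is forwarded; with either option, only the flow that began with a SYN is forwarded.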

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 16.1R2.