[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

protocol

See the following sections:

protocol (IPsec)

Syntax

protocol (ah | esp);

Hierarchy Level

[edit security ipsec proposal proposal-name ]

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Define the IPsec protocol for a manual or dynamic security association (SA).

This statement is supported on J-series and SRX-series devices.

Options

ah—Authentication Header protocol.

esp—Encapsulating Security Payload (ESP) protocol.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

protocol (Manual Security Association)

Syntax

protocol (ah | esp)

Hierarchy Level

[edit security ipsec vpn vpn-name manual]

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Define the IPsec protocol for the manual security association. (This statement is not supported on dynamic VPN implementations.)

This statement is supported on J-series and SRX-series devices.

Options

ah—Authentication Header protocol.

esp—ESP protocol (To use the ESP protocol, you must also use the tunnel statement at the [edit security ipsec security-association sa-name mode] hierarchy level.)

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

protocol (IP Headers in Signature Attack)

Syntax

protocol {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id ;
}

Hierarchy Level

[edit security idp custom-attack attack-name attack-type signature protocol ip]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Specify the Transport Layer protocol number.

This statement is supported on SRX-series devices.

Options

match (equal | greater-than | less-than | not-equal)—Match an operand.

value transport-layer-protocol-id —Match the Transport Layer protocol ID.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

protocol (Signature Attack)

Syntax

protocol {
icmp {
code {
match (equal | greater-than | less-than | not-equal);
value code-value ;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length ;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value ;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number ;
}
type {
match (equal | greater-than | less-than | not-equal);
value type-value ;
}
}
ip {
destination {
match (equal | greater-than | less-than | not-equal);
value hostname ;
}
identification {
match (equal | greater-than | less-than | not-equal);
value identification-value ;
}
ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}
protocol {
match (equal | greater-than | less-than | not-equal);
value transport-layer-protocol-id ;
}
source {
match (equal | greater-than | less-than | not-equal);
value hostname ;
}
tos {
match (equal | greater-than | less-than | not-equal);
value type-of-service-in-decimal ;
}
total-length {
match (equal | greater-than | less-than | not-equal);
value total-length-of-ip-datagram ;
}
ttl {
match (equal | greater-than | less-than | not-equal);
value time-to-live ;
}
}
tcp {
ack-number {
match (equal | greater-than | less-than | not-equal);
value acknowledgement-number ;
}
data-length {
match (equal | greater-than | less-than | not-equal);
value tcp-data-length ;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port ;
}
header-length {
match (equal | greater-than | less-than | not-equal);
value header-length ;
}
mss {
match (equal | greater-than | less-than | not-equal);
value maximum-segment-size ;
}
option {
match (equal | greater-than | less-than | not-equal);
value tcp-option ;
}
sequence-number {
match (equal | greater-than | less-than | not-equal);
value sequence-number ;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port ;
}
tcp-flags {
(ack | no-ack);
(fin | no-fin);
(psh | no-psh);
(r1 | no-r1);
(r2 | no-r2);
(rst | no-rst);
(syn | no-syn);
(urg | no-urg);
}
urgent-pointer {
match (equal | greater-than | less-than | not-equal);
value urgent-pointer ;
}
window-scale {
match (equal | greater-than | less-than | not-equal);
value window-scale-factor ;
}
window-size {
match (equal | greater-than | less-than | not-equal);
value window-size ;
}
}
udp {
data-length {
match (equal | greater-than | less-than | not-equal);
value data-length ;
}
destination-port {
match (equal | greater-than | less-than | not-equal);
value destination-port ;
}
source-port {
match (equal | greater-than | less-than | not-equal);
value source-port ;
}
}
}

Hierarchy Level

[edit security idp custom-attack attack-name attack-type signature]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Specify a protocol to match the header information for the signature attack.

This statement is supported on SRX-series devices.

Options

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]