Configuring tcp-no-flag Attack Screen

 

This topic describes how to configure detection of a tcp-no-flag attack.

A TCP segment with no control flags set is anomalous, because a normal segment always carries at least one flag, and it causes various responses from the recipient. When the tcp-no-flag screen option is enabled, the device detects TCP segment headers with no flags set and drops all TCP packets with missing or malformed flag fields.

To enable detection of tcp-no-flag attacks:

  1. Configure interfaces and assign an IP address to the interfaces.
  2. Configure security zones trustZone and untrustZone and assign interfaces to them.
  3. Configure security policies from untrustZone to trustZone.
  4. Configure security screens and attach them to untrustZone.
  5. Configure syslog.
  6. Commit the configuration.