Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring Default Reject Rules for Source Address Spoofing

 

The following guidelines describe when to configure the default reject rules for source address spoofing:

  • When the source address is equal to the address of the network interface where the network packet was received.

  • When the source address does not belong to the networks associated with the network interface where the network packet was received.

  • When the source address is defined as being on a broadcast network.

  • Before you begin, log in with your root account on a Junos OS device running Junos OS Release 20.2R1and edit the configuration.

Note

You can enter the configuration commands in any order and commit all the commands at once.

To configure default reject rules to log source address spoofing:

  1. Configure the security screen features and enable the IP address spoofing IDS option.
  2. Specify the name of the security zone and the IDS option object applied to the zone.