Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

  • Attack Detection and Prevention Overview
  • Example: Configuring Multiple Screening Options
  • Security Configuration Statement Hierarchy

[edit security screen] Hierarchy Level

security {screen {ids-option screen-name { alarm-without-drop;description text;icmp {flood {threshold number;}fragment;icmpv6-malformed;ip-sweep {threshold number;}large;ping-death;}ip {bad-option;block-frag;ipv6-extension-header {AH-header;ESP-header;HIP-header;destination-header {ILNP-nonce-option;home-address-option;line-identification-option;tunnel-encapsulation-limit-option;user-defined-option-type <type-low> to <type-high>;}fragment-header;hop-by-hop-header {CALIPSO-option;RPL-option;SFM-DPD-option;jumbo-payload-option; quick-start-option;router-alert-option;user-defined-option-type <type-low> to <type-high>;}mobility-header;no-next-header;routing-header;shim6-headeruser-defined-option-type <type-low> to <type-high>;}ipv6-extension-header-limit limit; ipv6-malformed-header;loose-source-route-option;record-route-option;security-option;source-route-option;spoofing;stream-option;strict-source-route-option;tear-drop;timestamp-option;unknown-protocol;tunnel {gre {gre-4in4;gre-4in6;gre-6in4;gre-6in6;}ip-in-udp {teredo;}ipip {ipip-4in4;ipip-4in6;ipip-6in4;ipip-6in6;ipip-6over4;ipip-6to4relay;isatap;dslite;}bad-inner-header;}}limit-session {destination-ip-based number;source-ip-based number;}tcp {fin-no-ack;land;port-scan {threshold number;}syn-ack-ack-proxy {threshold number;}syn-fin;syn-flood {alarm-threshold number;attack-threshold number;destination-threshold number;source-threshold number;timeout seconds;white-list name {destination-address destination-address;source-address source-address;}}syn-frag;tcp-no-flag;tcp-sweep {threshold threshold number;}winnuke;}udp {flood {threshold number;}udp-sweep {threshold threshold number;}}}}traceoptions {file filename {files number;match regular-expression;(no-world-readable | world-readable);size maximum-file-size;}flag flag;no-remote-trace;}trap {interval trap interval;}}}

Related Documentation

  • Attack Detection and Prevention Overview
  • Example: Configuring Multiple Screening Options
  • Security Configuration Statement Hierarchy

Modified: 2015-11-09