ids-option (IDS Screen Next Gen Services)
Syntax
ids-option screen-name {
destination-prefix-ipv6-mask prefix-length;
destination-prefix-mask prefix-length;
source-prefix-ipv6-mask prefix-length;
source-prefix-mask prefix-length;
}
ip {
AH-header;
ESP-header;
fragment-header;
hop-by-hop-header {
CALIPSO-option;
jumbo-payload-option;
quick-start-option;
router-alert-option;
RPL-option;
SFM-DPD-option;
user-defined-option-type <type-low> to <type-high>;
}
mobility-header;
routing-header;
}
}
icmp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
tcp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
udp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
}
maximum-sessions number;
packet-rate number;
session-rate number;
}
icmp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
tcp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
udp {
maximum-sessions number;
packet-rate number;
session-rate number;
}
}
maximum-sessions number;
packet-rate number;
session-rate number;
}
}
match-direction (input | output | input-output)
}
Hierarchy Level
[edit services screen]
Release Information
Statement introduced in Junos OS Release 19.3R2 on MX Series routers (MX240, MX480 and MX960) running Next Gen Services with the MX-SPC3 services card.
Description
Configure a set of intrusion detection service (IDS) options, called a screen. IDS provides protection against network attacks.
Options
ids-option screen-name—Name of the IDS screen.
match-direction (input | output | input-output)—Specify whether the IDS screen filtering is applied
on the input or output side of the interface:
input—Apply the filtering
on the input side of the interface.
input-output—Apply
the filtering on both sides of the interface.
output—Apply the filtering
on the output side of the interface.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.