Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    tcp-non-syn drop-flow

    Syntax

    tcp-non-syn drop-flow;

    Hierarchy Level

    [edit services service-set service-set-name service-set-options]

    Release Information

    Statement introduced in Junos OS Release 16.1R2.

    Description

    Specify how the first non-SYN TCP packet is processed on services PICs. When a services PIC receives the first non-SYN TCP packet for processing, the packet is dropped. A drop flow created on the services PIC ensures that subsequent non-SYN TCP packets with the same 5-tuple information(source and destination addresses, protocol, and source and destination ports) are dropped. If this statement is not configured, a session is created when a packet hits the services set and matches the stateful firewall rule even if the packet is a non-SYN packet.

    Required Privilege Level

    interface—To view this statement in the configuration.

    interface-control—To add this statement to the configuration.

    Modified: 2016-09-30