
    Example: Configuring Screen Options for a User Logical System

    This example shows how to configure screen options for a user logical system.

    Requirements

    Before you begin:

    Overview

    This example configures the ls-product-design user logical system shown in Example: Creating User Logical Systems, Their Administrators, Their Users, and an Interconnect Logical System.

    You can limit the number of concurrent sessions to the same destination IP address in a user logical system. Setting a destination-based session limit can ensure that Junos OS allows only an acceptable number of concurrent connection requests—no matter what the source—to reach any one host. When the number of concurrent connection requests to an IP address surpasses the limit, Junos OS blocks further connection attempts to that IP address. This example creates the screen options described in Table 1.

    Table 1: User Logical System Screen Options Configuration

    Name                          Configuration Parameters

    limit-destination-sessions    • Limits concurrent connection requests to destination IPs to 80.
                                  • Applied to ls-product-design-untrust zone.

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set security screen ids-option limit-destination-sessions limit-session destination-ip-based 80
    set security zones security-zone ls-product-design-untrust screen limit-destination-sessions

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To configure destination-based session limits in a user logical system:

    1. Log in to the user logical system as the logical system administrator and enter configuration mode.
      lsdesignadmin1@host:ls-product-design> configure
      lsdesignadmin1@host:ls-product-design#
    2. Configure a screen option for a destination-based session limit.
      [edit security]
      lsdesignadmin1@host:ls-product-design# set screen ids-option limit-destination-sessions limit-session destination-ip-based 80
    3. Set the security zone for the screen option.
      [edit security]
      lsdesignadmin1@host:ls-product-design# set zones security-zone ls-product-design-untrust screen limit-destination-sessions

    Results

    From configuration mode, confirm your configuration by entering the show security screen and show security zones commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    For brevity, this show command output includes only the configuration that is relevant to this example. Any other configuration on the system has been replaced with ellipses (...).

    lsdesignadmin1@host:ls-product-design# show security screen
    ids-option limit-destination-sessions {
        limit-session {
            destination-ip-based 80;
        }
    }
    lsdesignadmin1@host:ls-product-design# show security zones
    security-zone ls-product-design-trust {
        ...
    }
    security-zone ls-product-design-untrust {
        screen limit-destination-sessions;
        ...
    }

    If you are done configuring the device, enter commit from configuration mode.
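
One way to check the result offline across every zone, as an added example that is not part of the original Juniper documentation: the script reads configuration in set format and reports, per security zone, whether a screen with a destination-ip-based session limit is attached. The function name audit, the max_limit policy value, the ls-product-design-dmz zone and the src-only screen are assumptions made for illustration.

```python
import re

# Constructed sample in "set" format. The dmz zone and the src-only screen are
# hypothetical; they are not part of the documented example.
SAMPLE = """\
set security screen ids-option limit-destination-sessions limit-session destination-ip-based 80
set security screen ids-option src-only limit-session source-ip-based 100
set security zones security-zone ls-product-design-untrust screen limit-destination-sessions
set security zones security-zone ls-product-design-trust host-inbound-traffic system-services ping
set security zones security-zone ls-product-design-dmz screen src-only
"""

LIMIT_RE = re.compile(
    r"^set security screen ids-option (\S+) limit-session destination-ip-based (\d+)$")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+)(?: screen (\S+))?")


def audit(config_text, max_limit=80):
    """Return {zone: finding}. max_limit is an assumed site policy ceiling."""
    dest_limits = {}  # screen name -> destination-ip-based session limit
    zones = {}        # zone name -> attached screen name, or None
    for line in config_text.splitlines():
        line = line.strip()
        m = LIMIT_RE.match(line)
        if m:
            dest_limits[m.group(1)] = int(m.group(2))
            continue
        m = ZONE_RE.match(line)
        if m:
            zones.setdefault(m.group(1), None)
            if m.group(2):
                zones[m.group(1)] = m.group(2)
    findings = {}
    for zone, screen in zones.items():
        if screen is None:
            findings[zone] = "no screen attached"
        elif screen not in dest_limits:
            findings[zone] = f"screen {screen} has no destination-ip-based limit"
        elif dest_limits[screen] > max_limit:
            findings[zone] = f"limit {dest_limits[screen]} exceeds {max_limit}"
        else:
            findings[zone] = f"ok: destination-ip-based {dest_limits[screen]}"
    return findings


if __name__ == "__main__":
    for zone, finding in audit(SAMPLE).items():
        print(f"{zone}: {finding}")
```
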

    Published: 2012-06-29