no-sequence-check

Syntax

no-sequence-check;

Hierarchy Level

[edit security flow tcp-session]

Release Information

Statement introduced in Release 8.5 of Junos OS.

Description

Specify that the device does not check sequence numbers in TCP segments during stateful inspection. By default, the device monitors the sequence numbers in TCP segments. The device detects the window scale specified by source and destination hosts in a session and adjusts a window for an acceptable range of sequence numbers according to their specified parameters. The device then monitors the sequence numbers in packets sent between these hosts. If the device detects a sequence number outside this range, it drops the packet.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.