Example: Disabling TCP Packet Security Checks for J Series Services Routers

This example shows how to disable TCP SYN checks and TCP sequence checks on all TCP sessions.

• Requirements
• Overview
• Configuration
• Verification

Requirements

Before you begin, review TCP packets and security checks. See Junos OS Feature Support Reference for SRX Series and J Series Devices.

Overview

Junos OS provides a mechanism to disable security checks on TCP packets to ensure interoperability with hosts and routers with faulty TCP implementations.

Configuration

Step-by-Step Procedure

To disable TCP SYN checks and TCP sequence checks on all TCP sessions:

1. Disable TCP SYN checks on all TCP sessions.
   [edit security flow]
   user@host# set tcp-session no-syn-check
2. Disable TCP sequence checks on all TCP sessions.
   [edit security flow]
   user@host# set tcp-session no-sequence-check
3. If you are done configuring the device, commit the configuration.
   [edit]
   user@host# commit

Verification

To verify the configuration is working properly, enter the show security flow command.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Understanding Session Characteristics for J Series Services Routers
• Example: Controlling Session Termination for J Series Services Routers
• Example: Accommodating End-to-End TCP Communication for J Series Services Routers