Example: Setting Source-Based Session Limits (CLI)

The following example shows you how to limit the amount of sessions that any one server in the DMZ and zone_a zones can initiate. Because the DMZ zone only contains webservers, none of which should initiate traffic, you set the source-session limit at the lowest possible value: 1 session. On the other hand, the zone_a zone contains personal computers, servers, printers, and so on, many of which do initiate traffic. For the zone_a zone, you set the source-session limit maximum to 80 concurrent sessions.

user@host# set security screen ids-option 1-limit-session limit-session source-ip-based 1user@host# set security screen ids-option 100-limit-session limit-session source-ip-based 100user@host# set security screen ids-option 80-limit-session limit-session source-ip-based 80user@host# set security zones security-zone dmz screen 100-limit-sessionuser@host# set security zones security-zone zone_a screen 100-limit-session

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.