Example: Dropping Fragmented IP Packets (CLI)

The following example shows how to configure the block-frag screen to drop fragmented IP packets originating from the zone security zone.

To drop fragmented IP packets:

1. Configure the block-frag screen:

   user@host# set security screen ids-option block-frag ip block-frag

2. Configure the zone security zone:

   user@host# set security zones security-zone zone screen block-frag

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices