Example: Dropping IP Packets Containing SYN Fragments (CLI)

The following example shows how to configure the syn-frag screen to drop fragmented SYN packets originating from the zone security zone.

To drop IP packets containing SYN fragments:

1. Configure the syn-frag screen:

   user@host# set security screen ids-option syn-frag tcp syn-frag

2. Configure the zone security zone:

   user@host# set security zones security-zone zone screen syn-frag

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices