Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Mandatory Reject Rules for Invalid Fragments and Fragmented IP Packets

This topic describes how to configure mandatory reject rules for invalid fragments and fragmented IP packets that cannot be reassembled.

  1. Before you begin, log in with your root account on a Junos OS device running Junos OS Release 22.2 R1 S1 and edit the configuration.

Note:

You can enter the configuration commands in any order and commit all the commands at once.

To configure mandatory reject rules:

  1. Specify the flow configuration to forcefully reassemble the IP fragments.
  2. Delete the screen ID and the IDS options and enable the ICMP fragment IDS option.
  3. Delete the IP layer IDS option and enable the IP fragment blocking IDS option.