Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Default Reject Rules for Source Address Spoofing

The following guidelines describe when to configure the default reject rules for source address spoofing:

  • When the source address is equal to the address of the network interface where the network packet was received.

  • When the source address does not belong to the networks associated with the network interface where the network packet was received.

  • When the source address is defined as being on a broadcast network.

  1. Before you begin, log in with your root account on a Junos OS device running Junos OS Release 22.2R2 and edit the configuration.

Note:

You can enter the configuration commands in any order and commit all the commands at once.

To configure default reject rules to log source address spoofing:

  1. Configure the security screen features and enable the IP address spoofing IDS option.
  2. Specify the name of the security zone and the IDS option object applied to the zone.