Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring Default Reject Rules for Source Address Spoofing

The following guidelines describe when to configure the default reject rules for source address spoofing:

  • When the source address is equal to the address of the network interface where the network packet was received.

  • When the source address is defined as being on a broadcast network.

  1. Before the administrator begin, log in with the Security Administrator account on a Junos OS device running Junos OS Release 23.4R1 and edit the configuration.

Note:

The administrator can enter the configuration commands in any order and commit all the commands at once.

To configure default reject rules to log source address spoofing:

  1. Configure the security screen features and enable the IP address spoofing IDS option.
    Note:

    The default action for security screens is to drop and log matching traffic with no configuration required for this.
  2. Specify the name of the security zone and the IDS option object applied to the zone.