Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure IPS security policy sensor settings. The IPS sensor contains filters, signature entries, or both. These specify which signatures are included in the IPS sensor. You need to create an IPS sensor before specific signatures or filters can be chosen. The signatures can be added to a new sensor before it is saved. However, it is good practice to keep in mind that the sensor and its included filters are separate things, and that they are created separately. While individual signatures can be added to a sensor, a filter allows you to add multiple signatures to a sensor by specifying the characteristics of the signatures to be added.



Set the maximum memory allocation in kilobytes for content decompression.

The default memory allocation provides 33 KB per session for an average number of sessions requiring decompression at the same time. To determine if this value is consistent with your environment, analyze values from decompression-related counters and the total number of IDP sessions traversing the device. Estimate the number of sessions requiring decompression at the same time. Assuming that each of these sessions requires 33 KB of memory for decompression, compare your estimated needs to the default value.


Because content decompression requires a significant allocation of memory, system performance will be impacted by increasing the maximum memory allocation for decompression.

  • Range: 50 through 2,000,000 KB


Set the maximum decompression ratio of the size of decompressed data to the size of compressed data.

Some attacks are introduced through compressed content. When the content is decompressed, it can inflate to a very large size taking up valuable system resources resulting in denial of service. This type of attack can be recognized by the ratio of the size of decompressed data to the size of compressed data. Keep in mind, however, that a higher ratio lessens the chance of detecting this type of attack.

  • Range: 1 through 128


Enable to detect the shell code and prevent buffer overflow attacks. By default this setting is enabled.


Sets the maximum IPS FIFO size.

  • Range: 1 through 65,535


To detect intrusion attempts, you can enable regular expression by issuing the no-ignore-regular-expression command. By default, the no-ignore-regular-expression command is enabled. If you specify the ignore-regular-expression command, regular expression pattern matching will be disabled when detecting intrusion attempts.

  • Default: Regular expression is enabled by default.


Specify the amount of time to supersede the IPS sensor logs.

  • Syntax: minimum-value—Minimum time to supersede the log.

  • Default: 1 second

  • Range: 0 through 65,535


Don't detect shellcode


Don't ignore regular expression


Don't process ignore s2c


Don't process override


Set the command to disable the server-to-client inspection.


Set the command to forcefully run the IDS inspection module even if there is no policy match.


Set the command to a specific port to forcefully run the IDS inspection module on that TCP/UDP port even if there is no policy match.

  • Syntax: port-number—Port number.

  • Range: 0 through 65,535


Set the command specify the Session packet scanning depth.

  • Syntax: session-pkt-depth—Session packet depth.

  • Range: 0 through 1000000

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.