Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


protocols (Security Zones Interfaces)


Hierarchy Level


Specify the types of routing protocol traffic that can reach the device on a per-interface basis.


  • protocol-name —Protocol for which traffic is allowed. The following protocols are supported:

    • all—Enable traffic from all possible protocols available.

    • bfd—Enable incoming Bidirectional Forwarding Detection (BFD) Protocol traffic.

    • bgp—Enable incoming BGP traffic.

    • dvmrp—Enable incoming Distance Vector Multicast Routing Protocol (DVMRP) traffic.

    • igmp—Enable incoming Internet Group Management Protocol (IGMP) traffic.

    • ldp—Enable incoming Label Distribution Protocol (LDP) traffic (UDP and TCP port 646).

    • msdp—Enable incoming Multicast Source Discovery Protocol (MSDP) traffic.

    • nhrp—Enable incoming Next Hop Resolution Protocol (NHRP) traffic.

    • ospf—Enable incoming OSPF traffic.

    • ospf3—Enable incoming OSPF version 3 traffic.

    • pgm—Enable incoming Pragmatic General Multicast (PGM) protocol traffic (IP protocol number 113).

    • pim—Enable incoming Protocol Independent Multicast (PIM) traffic.

    • rip—Enable incoming RIP traffic.

    • ripng—Enable incoming RIP next generation traffic.

    • router-discovery—Enable incoming router discovery traffic.

    • rsvp—Enable incoming Resource Resolution Protocol (RSVP) traffic (IP protocol number 46).

    • sap— Enable incoming Session Announcement Protocol (SAP) traffic. SAP always listens on

    • vrrp—Enable incoming Virtual Router Redundancy Protocol (VRRP) traffic.

except—(Optional) except can only be used if all has been defined.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.