Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


session-limit (IDS MS-MPC)


Hierarchy Level


Configure the IDS rule session limits for an individual destination or source address or subnet. This protects against network probing attacks and network flooding attacks. This IDS rule can only be assigned to a service set on an MS-MPC.

You can specify limits for specific protocols (ICMP, TCP, and UDP), or specify limits independent of a protocol.

When a session limit is exceeded for a source or destination, packets from the source or to the destination are dropped until the session limit is no longer exceeded.

To specify limits for destination or source subnets rather than individual addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 17.1.