Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


action (Security Rulebase IPS)


Hierarchy Level


Specify the actions you want IDP to take when the monitored traffic matches the attack objects specified in the rules.


  • no-action—No action is taken. Use this action when you want to only generate logs for some traffic.

  • ignore-connection—Stops scanning traffic for the rest of the connection if an attack match is found. IDP disables the rulebase for the specific connection.

  • mark-diffserv value—Assigns the indicated service-differentiation value to the packet in an attack, then passes them on normally.

  • class-of-service—Associates a class-of-service forwarding class as an action to the IDP policy; also sets the value of the DSCP code point. You can use the default forwarding class names or define new ones. Forwarding-class and dscp-code-point are optional, but one must be set.

  • drop-packet—Drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source-IP address.

  • drop-connection—Drops all packets associated with the connection, preventing traffic for the connection from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.

  • close-client—Closes the connection and sends an RST packet to the client but not to the server.

  • close-server—Closes the connection and sends an RST packet to the server but not to the client.

  • close-client-and-server—Closes the connection and sends an RST packet to both the client and the server.

  • recommended—All predefined attack objects have a default action associated with them. This is the action that Juniper Networks recommends when that attack is detected.


The actions are listed in the ascending order of severity from low to high. The most severe action is used when there are multiple rule hits for a single session.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.