by-protocol (IDS Screen Next Gen Services)

Syntax

Hierarchy Level

Description

Configure session limits for individual destination or source addresses, or for individual destination or source subnets, for the specified protocol. This protects against network probing attacks and network flooding attacks. When a session limit is exceeded for a source or destination for the protocol, packets from the source or to the destination are dropped until the session limit is no longer exceeded.

To specify limits for destination or source subnets rather than individual addresses, include the aggregations statement at the [edit services screen ids-option screen-name] hierarchy level.

Options

icmp

Apply session limits to ICMP packets.

maximum-sessions number

Specify the maximum number of concurrent ICMP sessions allowed for individual destination or source addresses, or for individual destination or source subnets.

packet-rate number

Specify the maximum number of ICMP packets per second allowed for individual destination or source addresses, or for individual destination or source subnets.

session-rate number

Specify the maximum number of ICMP connections per second allowed for individual destination or source addresses, or for individual destination or source subnets.

tcp

Apply session limits to TCP packets.

maximum-sessions number

Specify the maximum number of concurrent TCP sessions allowed for individual destination or source addresses, or for individual destination or source subnets.

packet-rate number

Specify the maximum number of TCP packets per second allowed for individual destination or source addresses, or for individual destination or source subnets.

session-rate number

Specify the maximum number of TCP connections per second allowed for individual destination or source addresses, or for individual destination or source subnets.

udp

Apply session limits to UDP packets.

maximum-sessions number

Specify the maximum number of concurrent UDP sessions allowed for individual destination or source addresses, or for individual destination or source subnets.

packet-rate number

Specify the maximum number of UDP packets per second allowed for individual destination or source addresses, or for individual destination or source subnets.

session-rate number

Specify the maximum number of UDP connections per second allowed for individual destination or source addresses, or for individual destination or source subnets.
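
The following Python sketch is an added illustration, not Juniper code and not a description of how Junos OS implements the screen. It models how the three per-protocol limits behave when keyed by source address or, with aggregation, by source subnet. The class and method names, the fixed one-second counting windows, the IPv4-only prefix_len parameter, and the sample addresses are assumptions made for the example.

```python
import ipaddress
from collections import defaultdict

class ByProtocolLimiter:
    """Simplified model: per-protocol limits keyed by source address or subnet."""

    def __init__(self, limits, prefix_len=32):
        self.limits = limits              # {"icmp": {"maximum-sessions": 2, ...}, ...}
        self.prefix_len = prefix_len      # 32 = individual IPv4 address, shorter = subnet
        self.active = defaultdict(int)      # (proto, key) -> concurrent sessions
        self.per_second = defaultdict(int)  # (proto, limit, key, second) -> events

    def _key(self, addr):
        # With a shorter prefix, every host in the subnet shares one counter.
        return str(ipaddress.ip_network(f"{addr}/{self.prefix_len}", strict=False))

    def _limit(self, proto, name):
        return self.limits.get(proto, {}).get(name)   # None = no limit configured

    def _rate_ok(self, proto, name, src, now):
        limit = self._limit(proto, name)
        bucket = (proto, name, self._key(src), int(now))
        self.per_second[bucket] += 1
        return limit is None or self.per_second[bucket] <= limit

    def packet(self, proto, src, now):
        """True if the packet passes, False if it is dropped (packet-rate)."""
        return self._rate_ok(proto, "packet-rate", src, now)

    def open_session(self, proto, src, now):
        """True if a new session is admitted (session-rate, maximum-sessions)."""
        if not self._rate_ok(proto, "session-rate", src, now):
            return False
        limit = self._limit(proto, "maximum-sessions")
        k = (proto, self._key(src))
        if limit is not None and self.active[k] >= limit:
            return False                  # dropped until a session closes
        self.active[k] += 1
        return True

    def close_session(self, proto, src):
        k = (proto, self._key(src))
        self.active[k] = max(0, self.active[k] - 1)
```

Running the model with prefix_len=24 shows the effect of subnet limits: sessions from any host in the subnet count against the same maximum-sessions value.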

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.3R2.