Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


limit-session (IDS Screen Next Gen Services)


Hierarchy Level


Configure session limits for individual destination or source addresses, or for individual destination or source subnets. This protects against network probing attacks and network flooding attacks. You can specify limits for specific protocols (ICMP, TCP, and UDP), or specify limits independent of a protocol. When a session limit is exceeded for a source or destination, packets from the source or to the destination are dropped until the session limit is no longer exceeded.

To specify limits for destination or source subnets rather than individual addresses, include the aggregations statement at the [edit services screen ids-option screen-name] hierarchy level.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

interface—To view this statement in the configuration.

interface-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 19.3R2.