Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Configure the security screen options. For every security zone, you can enable a set of predefined screen options that detect and block various kinds of traffic that the device determines as potentially harmful.


ids-options screen-name

Name of the screen configured at the security screen ids-options level. Define screens for the intrusion detection service (IDS).


Configure trap interval. Enable or disable the sending of Simple Network Management Protocol (SNMP) notifications when the state of the connection changes. Traps are unsolicited messages sent from an SNMP agent to remote network management systems or trap receivers.


Set of IP addresses for allowlist. Configure an allowlist of IP addresses that are to be exempt from the SYN cookie and SYN proxy mechanisms that occur during the SYN flood screen protection process. An allowlist contains known trusted IP addresses and URLs. Content downloaded from locations on the allowlist does not have to be inspected for malware.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.

The description option added in Junos OS Release 12.1.

The tenant option is introduced in Junos OS Release 18.3R1.