Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Flow-based and Packet-based Processing

  • Support drop-flow to prevent security attack - (SRX Series Firewall, vSRX3.0, cSRX, NFX150, NFX250, and NFX350)—Starting in Junos OS Release 23.4R1, we support a new featue drop-flow to prevent security attack. You can control and limit the number of max-session for the drop-flow. The session in the drop-flow is valid for 4 seconds by default. During a drop-flow, the session state displays as Drop, but in the flow, the state remains as Valid.

    The drop-flow feature is enabled by default. To disable the feature, use the set security flow drop-flow max-sessions 0 command. To delete only the drop-flow featue, use the run clear security flow session drop-flow command.

    To view the current drop-flow configuration, use the show security flow drop-flow command, and the view all the available drop-flow, use the show security flow session drop-flow command.

    [See Flow Based Session.]