Flow-based and Packet-based Processing
- Support drop-flow to prevent security attack (SRX Series Firewall, vSRX3.0, cSRX, NFX150, NFX250, and NFX350)—Starting in Junos OS Release 23.4R1, we support a new feature, drop-flow, to prevent security attacks. You can control and limit the number of max-session for the drop-flow. The session in the drop-flow is valid for 4 seconds by default. During a drop-flow, the session state displays as Drop, but in the flow, the state remains as Valid.

  The drop-flow feature is enabled by default. To disable the feature, use the set security flow drop-flow max-sessions 0 command. To delete only the drop-flow feature, use the run clear security flow session drop-flow command.

  To view the current drop-flow configuration, use the show security flow drop-flow command, and to view all the available drop-flow sessions, use the show security flow session drop-flow command.

  [See Flow Based Session.]