Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


reject (Security)


Hierarchy Level


Block the service at the firewall. The device drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP “destination unreachable, port unreachable” message (type 3, code 3) for UDP traffic. For types of traffic other than TCP and UDP, the device drops the packet without notifying the source host, which is also what occurs when the action is deny.

You can configure reject action with one of the following options for the dynamic-applications:

  • profile - You can chose to provide a notification to the clients or redirect client request to an informative Web page when a policy blocks HTTP or HTTPS traffic with a deny or reject action. To apply a profile, you must define the redirect profile for the dynamic applications.

  • ssl-proxy - You can apply a redirect SSL proxy profile when a policy blocks HTTPS traffic with a reject action. When you apply am SSL proxy profile, SSL proxy decrypts the traffic and application identification functionality identifies the application. Next, you can take action to redirect or drop the traffic as per the configuration.



Profile for redirect HTTP/HTTPS traffic.


SSL proxy profile for decrypt HTTPS traffic.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Starting in Junos OS Release 19.2, options profile and ssl-proxy are added.