- destination-threshold number ;
- [edit security screen ids-option screen-name tcp syn-flood]
Statement modified in Release 9.2 of JUNOS software.
Specify the number of SYN segments received per second for a single destination IP address before the device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based only on the destination IP address, regardless of the destination port number.
This statement is supported on J-series and SRX-series devices.
number —Number of SYN segments received per second before the device begins dropping connection requests.
Note: For SRX-series devices the applicable range is 4 through 1000000 per second.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.