[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

destination-threshold

Syntax

destination-threshold number ;

Hierarchy Level

[edit security screen ids-option screen-name tcp syn-flood]

Release Information

Statement modified in Release 9.2 of JUNOS software.

Description

Specify the number of SYN segments received per second for a single destination IP address before the device begins dropping connection requests to that destination. If a protected host runs multiple services, you might want to set a threshold based only on the destination IP address, regardless of the destination port number.

This statement is supported on J-series and SRX-series devices.

Options

number —Number of SYN segments received per second before the device begins dropping connection requests.

Range: 4 through 100000 per second
Default: 4000 per second

Note: For SRX-series devices the applicable range is 4 through 1000000 per second.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.


[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]