Security Mode Configuration Commands
162
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
Attack Check Commands
security firewall attack_checks configure ipv4
This command configures ipv4 WAN and LAN security attack checks. After you have issued
the security firewall attack_checks configure ipv4 command, you enter the
security-config [attack-checks-ipv4] mode, and then you can edit one keyword and
associated parameter or associated keyword at a time in the order that you prefer.
Command example:
SRX5308>
security firewall attack_checks configure ipv4
security-config[attack-checks-ipv4]>
respond_to_ping_on_internet_ports N
security-config[attack-checks-ipv4]>
enable_stealth_mode Y
security-config[attack-checks-ipv4]>
block_tcp_flood Y
security-config[attack-checks-ipv4]>
block_udp_flood N
security-config[attack-checks-ipv4]>
disable_ping_reply_on_lan Y
security-config[attack-checks-ipv4]>
save
Step 1 Format security firewall attack_checks configure ipv4
Mode security
Step 2 Format respond_to_ping_on_internet_ports {Y | N}
enable_stealth_mode {Y | N}
block_tcp_flood {Y | N}
block_udp_flood {Y | N}
disable_ping_reply_on_lan {Y | N}
Mode security-config [attack-checks-ipv4]
Keyword Associated Keyword
to Select
Description
WAN security checks
respond_to_ping_on_internet_ports Y or N Enables or disables the response to a
ping from the WAN port.
enable_stealth_mode Y or N Enables or disables stealth mode.
block_tcp_flood Y or N Blocks or allows TCP floods on the WAN
port.
LAN security checks
block_udp_flood Y or N Blocks or allows UDP floods on LAN
ports.
disable_ping_reply_on_lan Y or N Enables or disables ping replies from
LAN ports.
To Next Page
Loading...
