Juniper – Stateful and Stateless Data Processing

Stateful and Stateless Data Processing – JUNOS Software Security Configuration Guide.

 

Controlling Session Termination

set security flow aging early-ageout 2
set security flow aging high-watermark 90 low-watermark 50 
set security flow tcp-session tcp-initial-timeout 280 
set security flow tcp-session rst-invalidate-session

Disabling TCP Packet Security Checks

set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check
set security flow tcp-mss ipsec-vpn mss 1400
set security flow tcp-mss gre-in mss 1364
set security flow tcp-mss gre-out mss 1364
set security flow tcp-mss all-tcp 1400

set security flow allow-dns-reply

set security flow route-change-timeout

set security flow syn-flood-protection-mode

Traffic Flow for Flow-Based Processing

Image g030006.gif

Traffic Flow for Packet-Based Processing

Image g030004.gif

This entry was posted in Juniper. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s