ScreenOS Firewalls (NOT SRX)

Protection on the number of connection

‎08-19-2016 07:52 AM

Is there any way to put a limit on the number of connections on a NetScreen coming from the internet on a single destination IP?

I am aware of one feature, the Screen option, where I can put screening on the packets coming from any specific zone and limit the number of sessions on the dst or source. But can I do it on some specific IP as well?


Re: Protection on the number of connection

‎08-19-2016 08:32 AM

Screen can be configured for both source and destination; please check the KB below for more details:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB4818&actp=search

BR,

Vikas


Re: Protection on the number of connection

‎08-20-2016 06:13 AM

You select your desired protections for the zone level here:

Security > Screening > Screen

Select your untrust zone from the pick list.

For source-address-based attacks, in addition to the SYN flood settings noted above, also look at what you would want in the scan section.


Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Protection on the number of connection

‎08-20-2016 09:25 AM

Hello,

Screening for only a single destination IP is not possible. The options given so far are applicable to all the source or destination IPs.

Per-policy screening is applicable to source IPs only.

Regards,

Rushi
