apply screen to security zone

Owned by Jean-luc KRIKER
Last updated: Oct 30, 2020
2 min read





config
1- define a screen
set security screen ids-option test2 tcp port-scan threshold 1000


2- Apply to security zone
set security zones security-zone jlk_test screen  xxxxxxx
screen options
screen
root@SRX340-1-Rack104# set security screen ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
> ids-option           Configure ids-option
> traceoptions         Trace options for Network Security Screen
> trap                 Configure trap interval
[edit]
root@SRX340-1-Rack104# set security screen ids-option ?
Possible completions:
  <name>               Screen object name
[edit]
root@SRX340-1-Rack104# set security screen ids-option test2 ?
Possible completions:
  alarm-without-drop   Do not drop packet, only generate alarm
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  description          Text description of screen
> icmp                 Configure ICMP ids options
> ip                   Configure IP layer ids options
> limit-session        Limit sessions
> tcp                  Configure TCP Layer ids options
> udp                  Configure UDP layer ids options
example ping-of-death attack https://www.juniper.net/documentation/en_US/junos-cc15.1/topics/reference/general/15.1x49-d60/configuring-ping-of-death.html




J-web

Configure > Security Services > Security Policy > Objects > Zones/Screens


https://www.juniper.net/documentation/en_US/jweb19.3/topics/task/configuration/j-web-security-policy-objects-screen-adding.html



Security Director

Devices > Security Devices

https://www.juniper.net/documentation/en_US/junos-space19.1/topics/task/configuration/junos-space-screen-configuration-security-device-modifying.html