Configuration
Step-by-Step Procedure
To block IP spoofing:
Configure the screen.
[edit ]
user@host# set security screen ids-option screen-1 ip spoofing
Enable the screen in the security zone.
[edit]
user@host# set security zone security-zone zone-1 screen screen-1
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying the Screens in the Security Zone
Purpose
Verify that the screen is enabled in the security zone.
Action
From operational mode, enter the show security zones command.
[edit]
user@host> show security zones
Security zone: zone-1
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Screen: screen-1
Interfaces bound: 1
Interfaces:
ge-1/0/0.0
Verifying the Security Screen Configuration
Purpose
Display the configuration information about the security screen.
Action
From operational mode, enter the show security screen ids-option screen-name command.
[edit]
user@host> show security screen ids-option screen-1
Screen object status:
Name Value
IP spoofing enabled
Step-by-Step Procedure
To block IP spoofing:
Configure the screen.
[edit ]
user@host# set security screen ids-option screen-1 ip spoofing
Enable the screen in the security zone.
[edit]
user@host# set security zone security-zone zone-1 screen screen-1
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying the Screens in the Security Zone
Purpose
Verify that the screen is enabled in the security zone.
Action
From operational mode, enter the show security zones command.
[edit]
user@host> show security zones
Security zone: zone-1
Send reset for non-SYN session TCP packets: Off
Policy configurable: Yes
Screen: screen-1
Interfaces bound: 1
Interfaces:
ge-1/0/0.0
Verifying the Security Screen Configuration
Purpose
Display the configuration information about the security screen.
Action
From operational mode, enter the show security screen ids-option screen-name command.
[edit]
user@host> show security screen ids-option screen-1
Screen object status:
Name Value
IP spoofing enabled
