Robust protection against DDoS attacks on IKE protocol with iked process

You can efficiently monitor and mitigate DDoS attacks on IKEv1 and IKEv2 protocols when your firewall runs the iked process for the IPsec VPN service.

To support the feature, we introduce the following configuration statements at the [edit security ike] hierarchy level:

session-Tune parameters to manage the behavior of negotiations with the remote peers to protect the security associations. Configure the parameters at the [edit security ike session halfopen] and [edit security ike session full-open] hierarchy levels.
blocklists-Define multiple blocklists and their associated rules for blocking an IKE ID. Configure the blocklists at the [edit security ike session blocklists] hierarchy level. You must attach a blocklist to one or more IKE policies at the [edit security ike policy policy-name blocklist blocklist-name ] hierarchy level.

Use the following commands to view and clear statistics and other details about the in-progress, failed, blocked, and backoff peers:

show security ike peer statistics and show security ike peer.
clear security ike peers statistics and clear security ike peers.

Product / Application	Software	Introduced Release
MX240	Junos OS	23.4R1
MX480	Junos OS	23.4R1
MX960	Junos OS	23.4R1
SRX1500	Junos OS	23.4R1
SRX1600	Junos OS	23.4R1
SRX2300	Junos OS	23.4R1
SRX4100	Junos OS	23.4R1
SRX4120	Junos OS	25.2R1
SRX4200	Junos OS	23.4R1
SRX4600	Junos OS	23.4R1
SRX4700	Junos OS	24.4R1-S2
SRX5400	Junos OS	23.4R1
SRX5600	Junos OS	23.4R1
SRX5800	Junos OS	23.4R1

Feature Explorer AI

Robust protection against DDoS attacks on IKE protocol with iked process

404: Page not found.

Robust protection against DDoS attacks on IKE protocol with iked process