Hi RoutingFrames,
Greetings, just a few observations:
unit 660 {
vlan-id 660;
family inet {
address
}
}
unit 667 {
vlan-id 667;
family inet {
address
}
There are family inet but there is no IP address, not sure if you did it on purpose and you are planning to add them later.
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
queue-size 2000; ## Warning: 'queue-size' is deprecated
This is not doing anything in your configuration as the knob is deprecated as mentioned below.
Other than this everything looks great plus it is working as you desire, kudos to you!
If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/
Regards,
Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB