Hi there..
We just deployed an SRX650 in front of some servers recently - at this point it's doing nothing more than routing + running screen on inbound traffic. No other UTM features are enabled at this point. Configuration is pretty "stock" but we're running into a few issues. First the relevant config:

security {
    idp {
        security-package {
            url https://services.netscreen.com/cgi-bin/index.cgi;
        }
    }
    screen {
        ids-option Internet-Inbound {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    zones {
        security-zone Internet {
            screen Internet-Inbound;
            interfaces {
                ge-6/0/23.0 {
                    host-inbound-traffic {
                        system-services {
                            ssh;
                            snmp;
                            ping;
                            traceroute;
                        }
                        protocols {
                            ospf;
                        }
                    }
                }
            }
        }
        security-zone Linux {
            interfaces {
                vlan.11 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone Internet to-zone Linux {
            policy Internet-to-Linux {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone Linux to-zone Internet {
            policy Linux-to-Internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
}

The problem is a couple of things that we've noticed so far. The first is a minor issue with inactivity - if I have an SSH session open to one of these servers and let it sit for approximately 2 minutes then the connection drops. The SSH configuration on the boxes is set to 10 minutes of inactivity, which worked well before the SRX was implemented.

The second issue is alarming us - we run Bacula for server backups. The actual Bacula server is remote from this network (not on the same subnet or attached to the SRX logically/physically). Some of the servers are backing up just fine (smaller datasets) but some of these servers which contain larger amounts of backup data are timing out after an hour or more of the backup working - something is stopping the data transfer in the middle. We removed the "screen" process on the security-zone but that made no difference - now I'm thinking there are some default settings that are causing this but not sure where to look.

Model: srx650
JUNOS Software Release [10.0R3.10]

Any thoughts? Appreciate it.

Paul