Hi all

Does anyone know whether the Juniper Netscreen SSG20, running:

Hardware Version: 710(0)
Firmware Version: 6.1.0r2.0 (Firewall+VPN)

has any ability to bypass the checking of TCP states for certain interfaces/hosts?

I have a situation where we have one configured in a topology using asymmetric routing. This will cause initial connections to go to the SSG20 then be hairpinned and routed to a second gateway on the LAN. Doing this will obviously leave the device confused about the TCP state considering the second default gateway is going to deliver direct to the host. The SSG20 will see lots of out-of-order packets and SYNs/ACKs where it shouldn't.

On the Cisco ASA I can configure TCP state bypass, which essentially lets the device treat TCP in a similar way it does UDP.

Does anyone know of any similar feature on the Juniper SSG20 that can allow it to work in this situation? I know this isn't the best situation nor the best thing to be doing, but it's only a stop-gap measure during our migration to new infrastructure.

Regards,
Josh Farrelly.

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp