What version are you running? Not knowing the rest of the setup makes it hard to guess what it could be. Unless there are some filters on interfaces, I would suspect the DNS ALG, it has sometimes caused problems. If you are allowed to make changes to the ALGs, one thing to try could be:
[edit] carlinhos@FW-Cluster01# set security alg dns disable [edit] carlinhos@FW-Cluster01# commit and-quit /Per _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp