Le 19/09/2017 à 06:26, sameer mughal a écrit : > Hi, > > Thanks! > > This is SRX Model: srx220h2 - JUNOS Software Release [12.1X46-D35.1] > and traffic is IP not IPSEC. Traffic is IP BGP and route map also > configured.
BGP ? With how many routes ? how many peers ? > Traffic is pushing around 70 to 80 Mbps. And in pps ? Is it regular or do you have peaks around the high cpu alerts ? > Please advice. Well ... it depend ! * Are you ok with the current performances of your setup ? * Is there an increase in traffic in the foreseable futur ? * Have you got some $$$ to replace the firewall ? I for one would replace it, mostly because doing BGP on such a small SRX doesn't seem like a great idea, expect if you have only one peer and exchange a limited number of routes. > On Tue, Sep 19, 2017 at 12:20 AM, Hugo Slabbert <h...@slabnet.com > <mailto:h...@slabnet.com>> wrote: > > On Mon 2017-Sep-18 10:07:36 +0200, Benoit Plessis > <b.ples...@doyousoft.com <mailto:b.ples...@doyousoft.com>> wrote: > > [..] to external conditions ("attacks" / scan / ..) > [..] it kindof look inadequat to your need. > > Do you have some external monitoring in place with a graphing > system to > look after you firewall ? > > > This can even just be throughput based, especially for flow > services as opposed to just packet-mode forwarding. I've had > instances of this from e.g. pushing >50-60 Mbps of IPSEC on SRX100 > boxes. > Yes that's one of the "external conditions" i had in mind ! :) _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp