Thanks - it's looking like 1800 seconds
p...@dis2.millbrook1> show security flow session destination-prefix
216.168.xxx.xxx
Session ID: 434890, Policy name: Linux-to-Internet/8, Timeout: 1800
In: 216.168.xx.xxx/37820 --> 216.168.xxx.xxx/9103;tcp, If: vlan.11
Out: 216.168.xxx.xxx/9103 --> 2
What is the timeout for the relevant policy/application set at?
@sdc01fw01a> show security flow session destination-prefix 172.30.249.189
node0:
--
Session ID: 120144688, Policy name: VPN/354, State: Active, Timeout: 1780
Thanks very much - have had a few offline replies already. We're trying a
few of these suggestions one step at a time. Bacula apparently has a
"heartbeat" option which is supposed to resolve that particular issue -
we're testing now.
Appreciate all the responses - nice to know this isn't a compl
Paul-
I was having some similar events as far as your TCP session issues...
I found a work around by using:
set security flow tcp-session rst-invalidate-session.
Not sure if it's the perfect solution, but it did seem to solve our similar
issue.
On Aug 5, 2010, at 09:59 , Paul Stewart wrote:
I know we had a thread on this a month ago:
http://www.mail-archive.com/juniper-nsp@puck.nether.net/msg09804.html
but I wanted to explore an idea on how to handle the troubles behind
managing fxp0. I was able to determine that even though fxp0 is supposed
to only handle out-of-band traffic
Hi there..
We just deployed an SRX650 in front of some servers recently - at this
point it's doing nothing more than routing + running screen on inbound
traffic. No other UTM features are enabled at this point.
Configuration is pretty "stock" but we're running into a few issues. First
t
Hello,
SRX-HE models could do that. Not sure about PPTP. I am finding only PPTP
ALG functionality.
You can terminate each customer VPN in different VRF, it
is officially supported in 10.0R3.10. I think Stefan is talking for the same
functionality. Then you can have overlapping IP addresses at bot
On Thu, Aug 05, 2010 at 03:47:55AM +0200, Malte von dem Hagen wrote:
> * That's an explanation based on the effects. I don't know for sure
> what happens under the hood.
It must be a bit different - according to our SE, it's possible to
have both configs. After setting up vme management through J
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
> boun...@puck.nether.net] On Behalf Of Tony Frank
> Sent: Thursday, August 05, 2010 7:35 AM
> To: Fahad Khan; juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] PBR needs to be applied on tunnel interface
> -Original Message-
> From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
> boun...@puck.nether.net] On Behalf Of Martin Barry
> Sent: Thursday, August 05, 2010 12:51 AM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Juniper firewall that does HA, "contexts" and VPN?
>
>
Hi,
> I need policy based routing, but the packet receiving interface is st0. Now
> you can not apply filter on st0. so FBF is failed here
> Can any body suggest the resolution?
The good old trick of a loop link could do it.
You could use logical tunnel, or pair of spare physical port with a
ha
11 matches
Mail list logo