From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Paul Stewart
Sent: Tuesday, August 10, 2010 10:46 PM
To: 'William Jackson'; 'Scott T. Cameron'; juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Default SRX Behaviour
I just want
yn-check. Does this effect any screen options, intrusion or firewall
filters?
Thanks,
Paul
-Original Message-
From: William Jackson [mailto:wjack...@sapphire.gi]
Sent: Friday, August 06, 2010 12:20 AM
To: Paul Stewart; Scott T. Cameron; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] D
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Maybe you should enable logging on your policy permit rules (
session-close) and see what logs says about reason for closing the
session.
Regards,
Piotr Bratkowski
W dniu 2010-08-06 12:28, Pavel Lunin pisze:
>
> Hi Paul,
>
>> Thanks - it's loo
Hi Paul,
Thanks - it's looking like 1800 seconds
p...@dis2.millbrook1> show security flow session destination-prefix
216.168.xxx.xxx
Session ID: 434890, Policy name: Linux-to-Internet/8, Timeout: 1800
In: 216.168.xx.xxx/37820 --> 216.168.xxx.xxx/9103;tcp, If: vlan.11
Out: 216.168.x
I am suffering exactly the same symptoms for nearly exactly the same
reasons, I have a JTAC case open and they have told me to implement:
>Set security flow tcp-session no-syn-check
But it doesn't seem to have made a difference :-(
We are running srx240s in a cluster with 10.0R3.10 code.
ll the responses - nice to know this isn't a completely
> isolated
> behavior...
>
> Paul
>
>
> -Original Message-
> From: Michael Damkot [mailto:mdamkot...@gmail.com]
> Sent: Thursday, August 05, 2010 1:06 PM
> To: Paul Stewart
> Cc: juniper-nsp@puck.nethe
o know this isn't a completely
> isolated
> behavior...
>
> Paul
>
>
> -Original Message-
> From: Michael Damkot [mailto:mdamkot...@gmail.com]
> Sent: Thursday, August 05, 2010 1:06 PM
> To: Paul Stewart
> Cc: juniper-nsp@puck.nether.net
> Subject: Re
to know this isn't a completely isolated
behavior...
Paul
-Original Message-
From: Michael Damkot [mailto:mdamkot...@gmail.com]
Sent: Thursday, August 05, 2010 1:06 PM
To: Paul Stewart
Cc: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Default SRX Behaviour
Paul-
I was having some
Paul-
I was having some similar events as far as your TCP session issues...
I found a work around by using:
set security flow tcp-session rst-invalidate-session.
Not sure if it's the perfect solution, but it did seem to solve our similar
issue.
On Aug 5, 2010, at 09:59 , Paul Stewart wrote:
Hi there..
We just deployed an SRX650 in front of some servers recently - at this
point it's doing nothing more than routing + running screen on inbound
traffic. No other UTM features are enabled at this point.
Configuration is pretty "stock" but we're running into a few issues. First
t
10 matches
Mail list logo