Re: [j-nsp] Default SRX Behaviour

2010-08-11 Thread Hahues, Sven
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Paul Stewart Sent: Tuesday, August 10, 2010 10:46 PM To: 'William Jackson'; 'Scott T. Cameron'; juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Default SRX Behaviour I just want

Re: [j-nsp] Default SRX Behaviour

2010-08-10 Thread Paul Stewart
yn-check. Does this affect any screen options, intrusion or firewall filters? Thanks, Paul -Original Message- From: William Jackson [mailto:wjack...@sapphire.gi] Sent: Friday, August 06, 2010 12:20 AM To: Paul Stewart; Scott T. Cameron; juniper-nsp@puck.nether.net Subject: RE: [j-nsp] D

Re: [j-nsp] Default SRX Behaviour

2010-08-06 Thread Piotr Bratkowski
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, Maybe you should enable logging on your policy permit rules (session-close) and see what the logs say about the reason for closing the session. Regards, Piotr Bratkowski On 2010-08-06 12:28, Pavel Lunin wrote: > > Hi Paul, > >> Thanks - it's loo

Re: [j-nsp] Default SRX Behaviour

2010-08-06 Thread Pavel Lunin
Hi Paul, Thanks - it's looking like 1800 seconds p...@dis2.millbrook1> show security flow session destination-prefix 216.168.xxx.xxx Session ID: 434890, Policy name: Linux-to-Internet/8, Timeout: 1800 In: 216.168.xx.xxx/37820 --> 216.168.xxx.xxx/9103;tcp, If: vlan.11 Out: 216.168.x

Re: [j-nsp] Default SRX Behaviour

2010-08-06 Thread William Jackson
I am suffering exactly the same symptoms for nearly exactly the same reasons, I have a JTAC case open and they have told me to implement: >Set security flow tcp-session no-syn-check But it doesn't seem to have made a difference :-( We are running srx240s in a cluster with 10.0R3.10 code.

Re: [j-nsp] Default SRX Behaviour

2010-08-05 Thread Paul Stewart
ll the responses - nice to know this isn't a completely > isolated > behavior... > > Paul > > > -Original Message- > From: Michael Damkot [mailto:mdamkot...@gmail.com] > Sent: Thursday, August 05, 2010 1:06 PM > To: Paul Stewart > Cc: juniper-nsp@puck.nethe

Re: [j-nsp] Default SRX Behaviour

2010-08-05 Thread Scott T. Cameron
o know this isn't a completely > isolated > behavior... > > Paul > > > -Original Message- > From: Michael Damkot [mailto:mdamkot...@gmail.com] > Sent: Thursday, August 05, 2010 1:06 PM > To: Paul Stewart > Cc: juniper-nsp@puck.nether.net > Subject: Re

Re: [j-nsp] Default SRX Behaviour

2010-08-05 Thread Paul Stewart
to know this isn't a completely isolated behavior... Paul -Original Message- From: Michael Damkot [mailto:mdamkot...@gmail.com] Sent: Thursday, August 05, 2010 1:06 PM To: Paul Stewart Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Default SRX Behaviour Paul- I was having some

Re: [j-nsp] Default SRX Behaviour

2010-08-05 Thread Michael Damkot
Paul- I was having some similar events as far as your TCP session issues... I found a workaround by using: set security flow tcp-session rst-invalidate-session. Not sure if it's the perfect solution, but it did seem to solve our similar issue. On Aug 5, 2010, at 09:59, Paul Stewart wrote:

[j-nsp] Default SRX Behaviour

2010-08-05 Thread Paul Stewart
Hi there.. We just deployed an SRX650 in front of some servers recently - at this point it's doing nothing more than routing + running screen on inbound traffic. No other UTM features are enabled at this point. Configuration is pretty "stock" but we're running into a few issues. First t