Re: [j-nsp] SRX Dynamic Address limits

2024-03-04 Thread Ola Thoresen via juniper-nsp
For IP feeds the limits are quite big. But be aware that for e.g. URL feeds there is a limit of 1000 or 1500 urls in a single feed and platform limits for the total number of Urls.

Re: [j-nsp] SRX Dynamic Address limits

2024-03-04 Thread Roger Wiklund via juniper-nsp
We're using stamparm/ipsum: Daily feed of bad IPs (with blacklist hit scores) (github.com) with SRX300. ~37k entries with no issues. Address name : ipsum-l2 Address id: 11 IPv4 entries : 37317 Regards

Re: [j-nsp] SRX Dynamic Address limits

2024-03-01 Thread Chris Lee via juniper-nsp
Hi Eric, Thanks for that, not too sure where the dynamic lists are stored in RAM or some other onboard memory. That said I ended up loading the lists in a srx340 first which is pretty similar anyway and couldn't see any issues so went ahead and loaded on the srx345's and it looks fine so far, I

Re: [j-nsp] SRX Dynamic Address limits

2024-03-01 Thread Eric Harrison via juniper-nsp
I don't know if this is relevant or not in regards to the srx345, but I recently stress tested a srx4100 and started to notice some anomalies around 64k prefixes. I don't recall anything being logged and it reported that it loaded all >=64k prefixes, "show security match-policies" gave the right

[j-nsp] SRX Dynamic Address limits

2024-03-01 Thread Chris Lee via juniper-nsp
Hi All, Does anyone know if there's any specific limits/bounds/impacts on the number of IP addresses that can be imported into a SRX Dynamic Address list, specifically for an SRX345 ?