I am suffering exactly the same symptoms for nearly exactly the same reasons, I have a JTAC case open and they have told me to implement: >Set security flow tcp-session no-syn-check But it doesn't seem to have made a difference :-( We are running srx240s in a cluster with 10.0R3.10 code. Best Regards William Jackson