[j-nsp] Default SRX Behaviour
Paul Stewart
paul at paulstewart.org
Tue Aug 10 22:45:57 EDT 2010
I just wanted to respond back on-list about this .. thank you to everyone
who made suggestions on this issue.
The "set security flow tcp-session no-syn-check" resolved our issue as
suggested below.
My last question is to understand the "risk" associated to disabling the
syn-check. Does this effect any screen options, intrusion or firewall
filters?
Thanks,
Paul
-----Original Message-----
From: William Jackson [mailto:wjackson at sapphire.gi]
Sent: Friday, August 06, 2010 12:20 AM
To: Paul Stewart; Scott T. Cameron; juniper-nsp at puck.nether.net
Subject: RE: [j-nsp] Default SRX Behaviour
I am suffering exactly the same symptoms for nearly exactly the same
reasons, I have a JTAC case open and they have told me to implement:
>Set security flow tcp-session no-syn-check
But it doesn't seem to have made a difference :-(
We are running srx240s in a cluster with 10.0R3.10 code.
Best Regards
William Jackson
More information about the juniper-nsp
mailing list