[j-nsp] SRX3400: DNS ALG on 10.2R1

Quoc Hoang quochoang at yahoo.com
Thu Aug 12 19:01:47 EDT 2010


I found the ALGs on the SRX to be unreliable and most time doesn't work. We had to disable SQL/RPC/SIP ALGs on our SRX3600 (10.1) to get those services working.

IMHO, ALGS should be disabled by default.

quoc
--- On Thu, 8/12/10, Scott T. Cameron <routehero at gmail.com> wrote:

> From: Scott T. Cameron <routehero at gmail.com>
> Subject: [j-nsp] SRX3400: DNS ALG on 10.2R1
> To: juniper-nsp at puck.nether.net
> Date: Thursday, August 12, 2010, 10:41 AM
> Hello,
> 
> I just had a very unusual production outage.
> 
> All traffic was flowing through the SRX3400 (in chassis
> cluster mode) no
> problem.
> 
> Suddenly, DNS started to fail.  Was not passing
> through the firewall at all
> -- all other traffic was.
> 
> The resolution was to disable the DNS ALG.
> 
> Nothing interesting in the flow log.
> 
> Anyone seen this?  Tips?  Tricks?  ALGs are
> evil?
> 
> Scott
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list