[j-nsp] Weird SRX flow timeout issue

Tim Eberhard xmin0s at gmail.com
Mon Nov 12 14:30:06 EST 2012


While I haven't read this entire thread, it's worth mentioning that
this is a correct statement. TCP connections (by default) must be
initiated by a standard 3-way handshake. You can disable this by
turning off tcp-syn-checking under security -> flow.

I wouldn't recommend it however, as enforcing proper TCP state is
always a good security practice.

-Tim EBerhard

On Mon, Nov 12, 2012 at 1:07 PM, Benny Amorsen <benny+usenet at amorsen.dk> wrote:
> Julien Goodwin <jgoodwin at studio442.com.au> writes:
>
>> Sadly SRX doesn't (or at least a few years ago didn't) consider TCP
>> keepalives sufficient to keep the session open.
>
> Thank you for that heads-up, that is certainly something to keep in
> mind.
>
>
> /Benny
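
A simplified model of the behaviour discussed in this thread, added here as an example; it is not code from any poster or from Junos. It shows why an idle TCP flow breaks after the session ages out when SYN checking is enforced, and what changes when it is turned off. The names `FlowTable` and `replay`, the 1800-second timeout, and the addresses are assumptions constructed for the illustration, and only client-to-server packets are modelled.

```python
# Simplified model of a stateful firewall flow table (illustrative; not Junos code).
from dataclasses import dataclass, field

IDLE_TIMEOUT = 1800  # seconds; constructed value for this example


@dataclass
class FlowTable:
    syn_check: bool = True           # True = require a SYN to open a session
    idle_timeout: int = IDLE_TIMEOUT
    sessions: dict = field(default_factory=dict)  # flow tuple -> last-seen time

    def _expire(self, now):
        # Age out sessions that have carried no packet for idle_timeout seconds.
        stale = [k for k, seen in self.sessions.items()
                 if now - seen >= self.idle_timeout]
        for k in stale:
            del self.sessions[k]

    def process(self, now, flow, flags):
        """Return 'forward' or 'drop' for one TCP packet; flags is a set of names."""
        self._expire(now)
        if flow in self.sessions:
            self.sessions[flow] = now          # refresh the idle timer
            return "forward"
        initial_syn = "SYN" in flags and "ACK" not in flags
        if initial_syn or not self.syn_check:
            self.sessions[flow] = now          # create a new session
            return "forward"
        return "drop"                          # mid-stream packet, no session


def replay(syn_check):
    """Replay a constructed packet trace and return the verdict for each packet."""
    fw = FlowTable(syn_check=syn_check)
    flow = ("10.0.0.5", 40000, "192.0.2.10", 22)  # constructed 4-tuple
    trace = [
        (0, {"SYN"}),             # connection opens
        (1, {"ACK"}),             # handshake completes (client side)
        (600, {"ACK", "PSH"}),    # data within the idle window
        (2401, {"ACK", "PSH"}),   # data 1801 s after the last packet
    ]
    return [fw.process(t, flow, flags) for t, flags in trace]


if __name__ == "__main__":
    print("syn-check on: ", replay(True))
    print("syn-check off:", replay(False))
```

With SYN checking off, the late packet silently creates a new session, which is the trade-off against enforcing proper TCP state that the reply above describes.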

