[j-nsp] Weird SRX flow timeout issue
Julien Goodwin
jgoodwin at studio442.com.au
Tue Nov 13 01:05:30 EST 2012
On 12/11/12 16:03, Tim Eberhard wrote:
> Benny,
>
> I've been working with the SRX since before it was in beta loading it
> up on a SSG550-M and netscreen previous to that. TCP keep alives, or
> any tcp packet that transverses that session has ALWAYS reset the
> timeout. The only time where you would see this "not working" is if
> you had a situation of asymmetric routing or some time of crazy load
> balancing through firewalls.
All I can say is that as of late 2009 on branch SRX (specifically
SRX650, using then-current JunOS, probably 9.5) this was not the case
with SSH traffic (which IIRC doesn't have an ALG).
It wouldn't kill the session, just wouldn't extend it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20121112/677446a6/attachment.sig>
More information about the juniper-nsp
mailing list