[j-nsp] SRX3600 weirdness

James S. Smith JSmith at WindMobile.ca
Tue Apr 23 16:56:28 EDT 2013

Just in the process of finishing a project of migrating subnets behind an SRX3600, and we've run into some odd behavior.

We have a database subnet outside the firewall, and an Exchange server subnet behind the firewall.  A database server uses IMAP4 over SSL (TCP 993) to send emails to Exchange.  The connection opens and closes pretty regularly, every 5-15 minutes or so, and closes after the communication is done.  But every few days the communication gets stuck.  From the SRX's point of view, the database server just isn't initiating a connection.  They have to restart the application to get the email flowing again.

Now for the weirdness...  We just recently moved the database behind the SRX, into a separate zone.  After doing that I was told the application never had a problem.  It functioned like that for 2 weeks and everyone was happy.

Unfortunately, due to some unrelated performance issues on some other traffic flows, we had to move the database outside the firewall again. Now the database is having connection issues to the Exchange server again.

The firewall policies between the database server and the Exchange server were identical regardless of where the database server was located.  There is no NATting going on, and we don't use Screen or IPS on the SRX.  Any thoughts on what could be the cause of this?
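One check that helps with a report like the one above is a small client-side IMAP-over-TLS probe, run on a schedule from the database server's side of the firewall and independent of the application. It separates "no connection was ever initiated" (the firewall's view) from "the connection was opened but a reply never came" (what a silently dropped or timed-out session looks like to the client). The code below is an added example, not part of the original post or of any Juniper or Microsoft tool; the host name `exchange.example`, the 10-second stage timeout and the `FakeConn` replies are constructed for illustration.

```python
"""IMAP-over-TLS liveness probe (added example; not from the original post).

Each stage (connect, greeting, NOOP, LOGOUT) is timed separately, so a stall
shows up as outcome "timeout:<stage>" rather than a generic hang.
"""
import socket
import ssl
import time

IMAP_PORT = 993  # IMAP over SSL, the port used in the post


def _read_line(conn, deadline):
    """Read one CRLF-terminated line; raise socket.timeout once the deadline passes."""
    buf = b""
    while not buf.endswith(b"\r\n"):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise socket.timeout("deadline passed")
        conn.settimeout(remaining)
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionResetError("peer closed connection")
        buf += chunk
    return buf.decode("ascii", "replace").rstrip("\r\n")


def _read_tagged(conn, tag, deadline):
    """Skip untagged ('* ...') lines until the reply for `tag` arrives; return OK/NO/BAD."""
    while True:
        line = _read_line(conn, deadline)
        if line.startswith(tag + " "):
            return line.split(" ", 2)[1]


def open_tls(host, port, timeout):
    """Default connector: TCP connect plus TLS handshake, verified against system CAs."""
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    return ctx.wrap_socket(raw, server_hostname=host)


def imap_probe(host, port=IMAP_PORT, timeout=10.0, connector=open_tls):
    """Return {'outcome': str, 'timings': {stage: seconds}} for one probe.

    `connector(host, port, timeout)` must return a connected socket-like object;
    it is injectable so the probe can be exercised offline against FakeConn.
    """
    timings = {}
    stage = "connect"
    conn = None
    t0 = time.monotonic()
    try:
        conn = connector(host, port, timeout)
        timings[stage] = time.monotonic() - t0
        deadline = time.monotonic() + timeout

        stage = "greeting"
        t = time.monotonic()
        greeting = _read_line(conn, deadline)
        timings[stage] = time.monotonic() - t
        if not (greeting.startswith("* OK") or greeting.startswith("* PREAUTH")):
            return {"outcome": "bad-greeting", "timings": timings}

        for n, (stage, cmd) in enumerate((("noop", "NOOP"), ("logout", "LOGOUT")), start=1):
            tag = "a%d" % n
            t = time.monotonic()
            conn.sendall(("%s %s\r\n" % (tag, cmd)).encode("ascii"))
            status = _read_tagged(conn, tag, deadline)
            timings[stage] = time.monotonic() - t
            if status != "OK":
                return {"outcome": "%s-%s" % (stage, status.lower()), "timings": timings}
        return {"outcome": "ok", "timings": timings}
    except socket.timeout:
        # The stage that was waiting when the deadline hit is the one that stalled.
        return {"outcome": "timeout:" + stage, "timings": timings}
    except ConnectionRefusedError:
        return {"outcome": "refused", "timings": timings}
    except OSError as e:  # includes ConnectionResetError and ssl.SSLError
        return {"outcome": "error:%s:%s" % (stage, type(e).__name__), "timings": timings}
    finally:
        if conn is not None:
            conn.close()


class FakeConn:
    """Constructed stand-in for a TLS socket (sample data, not a real server).

    `script` is handed out one recv() at a time; a None entry simulates a
    session that has gone silent by raising socket.timeout.
    """
    def __init__(self, script):
        self.script = list(script)
        self.sent = []

    def settimeout(self, t):
        pass

    def sendall(self, data):
        self.sent.append(data)

    def recv(self, n):
        if not self.script:
            raise socket.timeout("no reply")
        item = self.script.pop(0)
        if item is None:
            raise socket.timeout("stalled")
        return item

    def close(self):
        pass


def healthy_connector(host, port, timeout):
    """Constructed sample: server answers every stage."""
    return FakeConn([b"* OK IMAP4rev1 ready\r\n", b"a1 OK NOOP completed\r\n",
                     b"* BYE\r\n", b"a2 OK LOGOUT completed\r\n"])


def stalled_connector(host, port, timeout):
    """Constructed sample: handshake and greeting succeed, then the NOOP reply never comes."""
    return FakeConn([b"* OK IMAP4rev1 ready\r\n", None])


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(imap_probe(sys.argv[1]))  # real probe against the host given on the command line
    else:
        print(imap_probe("exchange.example", connector=healthy_connector))
        print(imap_probe("exchange.example", connector=stalled_connector))
```

Run it from cron on the database side and log the outcome; a run of "timeout:noop" or "timeout:greeting" results while the application is stuck points at something in the path dropping traffic mid-session, whereas "ok" results during the same window point back at the application's own socket handling.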

