[j-nsp] Tcp session not properly working through SRX
james list
jameslist72 at gmail.com
Thu Nov 12 12:14:02 EST 2015
Dear experts,
a customer of mine is experiencing problems on a particular tcp
client–server flow passing though an SRX HE cluster (12.1X44-D45).
What I was reported is that the customer sees on a wireshark capture on the
server side an “incorrect checksum” and at application log they see on the
client side “execution expired” or “connection timeout”.
While on the SRX they see only some Invalidated Sessions related to the
server ip address:
SRX-5800> show security flow session destination-prefix X.X.X.X summary |
match "Invalidated"
Invalidated sessions: 3
Invalidated sessions: 2
Invalidated sessions: 5
Invalidated sessions: 5
Invalidated sessions: 3
Invalidated sessions: 4
Invalidated sessions: 7
Invalidated sessions: 8
Invalidated sessions: 6
Invalidated sessions: 6
{primary:node0}
“tcp-session no-syn-check” and “tcp-session no-sequence-check” are
already configured.
Please advise for any idea or comment or experience on similar topics.
Cheers
James
More information about the juniper-nsp
mailing list