02-17-2017 05:18 AM
We are using SRX3400 at the datacenter with SCREEN enabled. We have enabled almost all SCREEN options and we are experiencing drops on tcp sessions randomly.
When it comes to RDP it becomes much more frustrating. In terms of your experience, can you provide me your best practices with SCREEN protection ? What should we do to both enable SCREEN protection and solve session drop problems ?
02-17-2017 05:49 AM
I would suggest using "alarm without drop" option for the screens in order to determine the correct threshold for the various screens :-
The thresholds are different for every network and there is no guide on what the ideal levels are as they will be different for different environments.
You will be able to figure out the ideal values for your network using trial and error. The alarm without drop option would send you syslogs without actually dropping the traffic and thus will be helpful for zeroing in on the correct value.
Hope this helps !
Please mark my solution as accepted if it helped, Kudos are appreciated as well.
02-17-2017 12:44 PM
Thank you for the tip. I will definitely check that out.
Besides than that do you have any other suggestions, like this one, about screen for me as a best practice maybe ?
02-18-2017 02:05 AM
Are you saying RDP connections blocked by SCREEN ? Or how did you confirm its the screen config thats creating issue and nothing else? The reason if if screen is creating performance issues I expect you to see issues with all traffic.
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too