Message Image

Skip main navigation (Press Enter).

SRX

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

SRX Fast Path Processing Question

Jump to Best Answer

Erdem03-25-2015 08:55

Scenario: SRX A -----Ipsec VPN over 200mb Fiber ------ SRX B No advanced services (UTM, IPS, etc) ...

p.k03-25-2015 09:25Best Answer

Hi Because this is a VPN, every packet will be encrypted and then decrypted on other side. This ...

1. SRX Fast Path Processing Question

0 Recommend
Erdem
Posted 03-25-2015 08:55

Reply Reply Privately
Scenario: SRX A -----Ipsec VPN over 200mb Fiber ------ SRX B

No advanced services (UTM, IPS, etc)

If I was to transfer a large file ( ie, Blu Ray) over my IPsec tunnel, once the initial session is created and entered into the session table, the following packets would take the fast path route through the flow module. How would the SRX inspect the payload in the packets that are passing through the fast path? Lets assume no screens, no NAT is being done.

The question was posed by the fact that the current setup (Vendor X), continues to inspect evey packets payload in the session (or so they believe) and is killing the CPU on the box.

Thanks for the help.
2. RE: SRX Fast Path Processing Question
Best Answer

0 Recommend
p.k
Posted 03-25-2015 09:25

Reply Reply Privately
Hi

Because this is a VPN, every packet will be encrypted and then decrypted on other side.
This will be done in "fast path" of the flow module. Just use appropriate SRX model
(consult your SE, and datasheets have some rough numbers).

Again. because it is a VPN, there is no way to not inspect (encrypt, encapsulate) every packet.

Powered by Higher Logic