SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Posts: 28
Registered: ‎03-28-2009
0 Kudos
Accepted Solution

SRX Problems

1.When I enable UTM policies internet surfing gets dead slow. Why?

2. How to Block Application sets- Like Peer-peer sites,KAAZAA,edonkey,limewire.

 3. Logging - How can I get detailed logging for ip based website access

Distinguished Expert
Posts: 1,122
Registered: ‎01-10-2008
0 Kudos

Re: SRX Problems

1) Try this in you config


set security flow traceoptions file flowtrace size 5 files 2

set security flow traceoptions flag basic-dtapath

set security packet-filter my_filter source-prefix <source-ip>



Then try to browse and look in the output from the trace with show log flowtrace to see what's going on.


when you're ready: rollback 1 to disble the tracing


2) In the IDP module you can do application recognition en set the block action


3) set logiing to your policy and review in the rtlogd log file.

   To enable loging set log session-close on the permit level of the policy (then log session-close) 

   To view the log: show log rtlogd





best regards,

Juniper Ambassador,

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
Posts: 755
Registered: ‎11-06-2007
0 Kudos

Re: SRX Problems

How much BW do you have for your Internet connection? Reason I ask is if you are constantly utilizing max bandwidth then your SurfControl web-filtering check traffic will also need to contend with that traffic. SurfControl will use UDP 9020 so it could take some time before the UF receives a response which will slow down your web surfing. One thing that can be done to help is to maximize your cache size and duration to decrease the amount of UF traffic, though that really would only help if you surf same sites constantly. If I find any other things that could help, I'll let you know.