Contributor
JNSSJNSS
Posts: 28
Registered: ‎03-28-2009

SRX Problems

1. When I enable UTM policies, internet surfing gets dead slow. Why?

2. How to block application sets, like peer-to-peer sites, Kazaa, eDonkey, LimeWire.

3. Logging - How can I get detailed logging for IP-based website access?

Distinguished Expert
Screenie
Posts: 1,080
Registered: ‎01-10-2008

Re: SRX Problems

1) Try this in your config:

set security flow traceoptions file flowtrace size 5 files 2
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter my_filter source-prefix <source-ip>
commit

Then try to browse and look in the output from the trace with show log flowtrace to see what's going on.

When you're ready: rollback 1 to disable the tracing.

 

2) In the IDP module you can do application recognition and set the block action.

3) Set logging on your policy and review it in the rtlogd log file.

   To enable logging, set log session-close on the permit level of the policy (then log session-close).

   To view the log: show log rtlogd

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
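Added example (not part of any post in this thread): a Python sketch that turns session-close records of the kind the policy logging in point 3 produces into a per-client list of web destinations, which is what question 3 asks for. The log line layout, the sample lines, and the names `parse_session_close` and `web_access_by_client` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed RT_FLOW_SESSION_CLOSE layout; field order
# can differ between Junos releases, so compare with your own log before relying on it.
SAMPLE_LOG = """\
Mar 28 10:01:12 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.1.10/51000->203.0.113.5/80 junos-http 198.51.100.1/12001->203.0.113.5/80 None None 6 allow-web trust untrust 4001 12(1540) 10(8200) 15
Mar 28 10:02:40 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 192.168.1.10/51002->203.0.113.5/80 junos-http 198.51.100.1/12002->203.0.113.5/80 None None 6 allow-web trust untrust 4002 12(900) 9(4100) 8
Mar 28 10:03:05 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP RST: 192.168.1.22/40211->203.0.113.77/443 junos-https 198.51.100.1/12003->203.0.113.77/443 None None 6 allow-web trust untrust 4003 20(3000) 25(21000) 61
Mar 28 10:04:19 srx RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed idle Timeout: 192.168.1.22/40300->203.0.113.9/6881 None 198.51.100.1/12004->203.0.113.9/6881 None None 6 allow-web trust untrust 4004 3(180) 0(0) 1800
Mar 28 10:05:00 srx mgd[1234]: UI_COMMIT: User 'admin' requested 'commit' operation
"""

# src/port->dst/port service nat-tuple src-nat-rule dst-nat-rule proto policy
# from-zone to-zone session-id pkts(bytes) pkts(bytes) elapsed
SESSION_CLOSE = re.compile(
    r"RT_FLOW_SESSION_CLOSE: session closed (?P<reason>[^:]+): "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) \S+ \S+ \S+ (?P<proto>\d+) (?P<policy>\S+) "
    r"(?P<from_zone>\S+) (?P<to_zone>\S+) (?P<session_id>\d+) "
    r"\d+\((?P<bytes_out>\d+)\) \d+\((?P<bytes_in>\d+)\) (?P<elapsed>\d+)"
)
INT_FIELDS = ("sport", "dport", "proto", "session_id", "bytes_out", "bytes_in", "elapsed")

def parse_session_close(line):
    """Return the record as a dict, or None if the line is not a session-close entry."""
    m = SESSION_CLOSE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec.update({k: int(rec[k]) for k in INT_FIELDS})
    return rec

def web_access_by_client(log_text, ports=(80, 443)):
    """Return ({client: {dest: {"sessions", "bytes"}}}, unparsed_line_count)."""
    report = defaultdict(lambda: defaultdict(lambda: {"sessions": 0, "bytes": 0}))
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_session_close(line)
        if rec is None:
            skipped += 1          # not a session-close record (or an unknown layout)
            continue
        if rec["dport"] not in ports:
            continue              # keep only web destinations
        entry = report[rec["src"]][rec["dst"]]
        entry["sessions"] += 1
        entry["bytes"] += rec["bytes_out"] + rec["bytes_in"]
    return {client: dict(dests) for client, dests in report.items()}, skipped
```

A high unparsed-line count on a real log usually means the field layout differs from the one assumed here and the pattern needs adjusting.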
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007

Re: SRX Problems

How much BW do you have for your Internet connection? The reason I ask is that if you are constantly utilizing max bandwidth, then your SurfControl web-filtering check traffic will also need to contend with that traffic. SurfControl will use UDP 9020, so it could take some time before the UF receives a response, which will slow down your web surfing. One thing that can be done to help is to maximize your cache size and duration to decrease the amount of UF traffic, though that really would only help if you surf the same sites constantly. If I find any other things that could help, I'll let you know.

 

-Richard
