SRX

last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX screen options

    Posted 07-28-2015 00:35

    Hi,

     

    I have a couple of question that i can't find an answer to:

     

    1. will the SRX release after a period of time a host that has been blocked by screen options?

    2. where does screen options evaluate? on the data plane or the control plane?

     

    thanks



  • 2.  RE: SRX screen options
    Best Answer

     
    Posted 07-28-2015 00:47

    Hello ,

     

    1. will the SRX release after a period of time a host that has been blocked by screen options?

    > It depends on whats attack was the client initiated  , if its like flooding attacks/ DOS / thrusholds  , it will get released . I remember the time value is somewhere around 30 mins to get release  .  If its like spoofing , it will drop all times.

     

    2. where does screen options evaluate? on the data plane or the control plane?

    > The UTMD process run in Control plane , but the checks will be done on Dataplane .

     



  • 3.  RE: SRX screen options

    Posted 07-28-2015 01:02

    thanks!

     

    (no Idea what Kudos is though)

     

    do you have a link to where i can see the timers for 1. ?



  • 4.  RE: SRX screen options

     
    Posted 07-28-2015 01:05

    Hello ,

     

    Thanks for the update . I will check for Doc , currently I am unable to find. 30 Mins are the default timers on SRX so my understanding was in that perspective . I will try checking for Docs .



  • 5.  RE: SRX screen options

     
    Posted 07-28-2015 03:44

    Hello ,

     

    I have a small correct to make , the time values for which it get released in not 30 Mins . I tested this in my lab and found that  , if you configure the  threshold  , lets take an example  1000 session in an min . So if a source hit the box with  1000 sessions in 3 seconds , then the source will be blocked for only the remaining minute .

     

    The next minute  it will be released and new sessions are allowed . I tested this So I hope its the correct value .

     

    Sorry about the previous misunderstanding . Smiley Happy



  • 6.  RE: SRX screen options

    Posted 07-28-2015 05:34

    oh thanks man no problem

     

     

    btw i'm searching for info about configuring IPSEC when the SRX is behind NAT.. 

    how would i accomplish this? with using an aggresive mode or can i specify a "real IP" along with the gateway address?



  • 7.  RE: SRX screen options

     
    Posted 07-28-2015 05:40

    Hello ,

     

    Please check :

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB28108&smlogin=true



  • 8.  RE: SRX screen options

    Posted 07-28-2015 07:05

    ok, but which address should i specify on the remote SRX? it shows only output configuration from the SRX begind NAT



  • 9.  RE: SRX screen options

     
    Posted 07-28-2015 21:54

    Hello ,

     

    On the remote SRX , you need to specify the public NAT IP .