SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  file transfer timeouts on srx650

    Posted 08-03-2011 08:42

    Hi there,

    I've a client pc on the lan trying to upload a zip file to a server behind the firewall (srx650) trust to untrust, it works for files up to 24mb but anything above say 100mb we get a i/o error and the transfer times out.

     

    I did a wireshark capture and all looks good but all of a sudden there are only tcp retransmissions.

     

    Could this be something to do with the MTU size on the SRX?

     

    Any ideas at all?

     

    Thanks,

     

    Paul

     

     



  • 2.  RE: file transfer timeouts on srx650

    Posted 08-03-2011 09:08

    Do you have UTM or IPS enabled on the box by any chance?



  • 3.  RE: file transfer timeouts on srx650

    Posted 08-03-2011 09:16

    No, UTM nor IPS are not enabled.

     

    Thanks,

     

    Paul



  • 4.  RE: file transfer timeouts on srx650

    Posted 08-04-2011 02:36

    Hi Guys,

    just wondering has anyone any ideas here?

     

    We were able to upload the iso file when we bypassed the firewall/srx....so we know the issue is definitely firewall related.

     

    Thanks,

     

    Paul



  • 5.  RE: file transfer timeouts on srx650

    Posted 08-04-2011 03:33

    What Junos version are you using?

     

    also, please share your DUT config and logs file? I doubt if this related to any misconfiguration... However lets start from there.

     

    thanks,

    Raheel



  • 6.  RE: file transfer timeouts on srx650

    Posted 08-04-2011 05:13

    Hi Raheel,

    we're running JUNOS Software Release [10.4R4.5]

    What do you mean by DUT config?

    The log files are very verbos!!!

     

    I can see the session hitting the correct policy and passing on tcp port 902.

     

    Doing an nmap to the destination server from the source pc through the firewall I can see the following ports open on the server:

    22

    80

    443

    902

    903

    5989

     

    Does this help at all?

     

    Thanks,

     

    Paul

     

     



  • 7.  RE: file transfer timeouts on srx650

    Posted 08-05-2011 07:56

    Any ideas here at all guys?

     

    Thanks,

     

    Paul



  • 8.  RE: file transfer timeouts on srx650

    Posted 08-05-2011 08:38

    What protocol is the transfer? Sounds like something one of the built in ALGs would do if not configured.



  • 9.  RE: file transfer timeouts on srx650
    Best Answer

    Posted 08-07-2011 17:37

    Hi Paul,

     

    Retransimssion suggest that there can be packet out of sequence and they might be dropped on the srx.

    You can try no-sequence check on srx,.This will ensure that there are no packet drops on srx.

     

    #set security flow tcp-session no-sequence-check

     

    Regards,

    Visitor

     

     -------------------------------------------------​-----------------------------

     If this post was helpful, please mark this post as an "Accepted Solution".

    Kudos are always appreciated!



  • 10.  RE: file transfer timeouts on srx650

    Posted 08-08-2011 06:22

    Hi there,

    I'll try your tip now and let you know.

     

    Thanks,

     

    Paul



  • 11.  RE: file transfer timeouts on srx650

    Posted 08-08-2011 06:47

    Hi there,

    your tip of adding the command:

     

    set security flow tcp-session no-sequence-check

     

    seems to have worked.

     

    Thanks so much,

     

    Paul



  • 12.  RE: file transfer timeouts on srx650

    Posted 08-08-2011 14:34

    Hi Paul,

     

    You are most welcome.

     

    Regards,

    Visitor