SRX Services Gateway
SRX Services Gateway

SRX vs SSG Performanc

‎08-08-2017 03:10 AM




Wondering if you could help with an issue we are seeing with performance of a particular application is much better when routed through a SSG 550 than via an SRX550.


When using the built in performance test within the application the SSG will run through the test fine but when using the SRX it will pause/hang for a few seconds before continuing so this traffic being dropped is causing the performance loss. When running wireshark on the client it shows TCP retrasmissions, which backs up that the SRX is dropping certain types of traffic.


I don't believe this is a configuration issue as I have reset the SRX to factory settings so this is something that the SRX does by default that is causing the issue.


I have removed the screen options, there is no IDP running, I have disabled all the ALG's. I also thought it could be the sequence or syn checks so I disabled them with the following commands but the issue still remains 😞


set security flow tcp-session no-sequence-check
set security flow tcp-session no-syn-check


What else does the SRX performance by default that the SSG does not that could be causing the issue we are seeing ??


Many Thanks,

SRX Services Gateway

Re: SRX vs SSG Performanc

‎08-09-2017 08:21 AM

To add a bit more information to this, hoping someone can assist


Looking at the detailed statistics on the interface, the only thing that stands out is the following;


TCP sequence number out of window: 926


Is there any other commands than 'set security flow tcp-session no-sequence-check'  That could help with the device dropping packets as they are out of the TCP window size it is expecting ?

SRX Services Gateway

Re: SRX vs SSG Performanc

‎08-09-2017 08:53 AM

As a last resort you can configure selective stateless packet-based forwarding for this particular application traffic.


Regards, Wojtek