SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX345 Decreased Throughput

    Posted 06-26-2019 22:27

    I am newbie to SRX and also to this forum, I am looking for some help.

    Our customer has recently started  deploying a new SRX 345 cluster, We are in midst of testing TCP/UDP throughput with various security features. initial test looked positive with throughput but after configuring IDP, SSL proxy feature http/https throughput has reduced drastically, Is this expected? 

     Any commands/logs to check for to identy problem? What can be done to increase or atleast normalize the throughput?

     

    Appreciate the feedback.



  • 2.  RE: SRX345 Decreased Throughput

     
    Posted 06-26-2019 22:39
    Throughput reduction with Deep packet inspection technologies like IDP/UTM is expected as they need more processing.


  • 3.  RE: SRX345 Decreased Throughput

    Posted 06-26-2019 22:46

    Nixson_security,

    As I understand Throughput is reduced after configuring IDP or SSL proxy.  Please refer the datasheet to check the performance numbers. 

     

    https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000550-en.pdf

     

    If you are not seeing the expected throughput what is described in datasheet then to start with you can look for below information.

    First of all verify RE and PFE CPU, ensure this is not crossing threshold level.

     

    show chassis routing-engine

    show system process extensive 

    show security monitoring performance CPU

    show log messages to see any idp related errors.

     

    Also below kb link should help you with detailed steps of idp troubleshooting along with IDP configuration suggestions.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16561&actp=METADATA

     



  • 4.  RE: SRX345 Decreased Throughput
    Best Answer

    Posted 06-26-2019 22:49

    If by any chance you have newly IDP license installed and haven't rebooted the device then you need to reboot post IDP installation.

    Please refer and follow the KB. Let me know if this KB helps.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB28747

     



  • 5.  RE: SRX345 Decreased Throughput

    Posted 06-27-2019 00:02

    Thanks 

     

     



  • 6.  RE: SRX345 Decreased Throughput

     
    Posted 06-27-2019 00:13
    Hi Nixson,

    Few models reboot automatically reboot after an addition or deletion of a Memory Upgrade license such as SRX100.

    Other licenses such as licenses for Antivirus, Web Filter, IDP, Antispam do not need a reboot. You can install the licenses and proceed with the configuration.

    Hope this helps.

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

    Juniper Business Use Only