SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Use SRX for only incoming packets

    Posted 07-30-2019 19:41

    Is there any way to use the SRX for only incoming packets? I don't want to return traffic to the SRX. If I change the default route of the server to go directly to the internet, the SRX drops the packets because they are not in the session table.

     

    internet-->SRX-->Server

    Server-->internet

     



  • 2.  RE: Use SRX for only incoming packets

     
    Posted 07-30-2019 19:50

    Hi John,

     

    SRX by default is in Flow mode where the traffic is processed based on the state and session.

     

    SRX can also work in packet mode on the Branch Devices, where the session table is not created, but changing the mode is global, and in packet mode NAT, UTM and other security features do not work.

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

     

    Hope this helps.

     

    Thanks,
    Pradeep



  • 3.  RE: Use SRX for only incoming packets
    Best Answer

    Posted 07-30-2019 19:54
    Disable TCP SYN and sequence check. Please follow this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21266&actp=METADATA


  • 4.  RE: Use SRX for only incoming packets

     
    Posted 07-30-2019 20:40

    Hi John,

     

    To understand the requirement better, does the Server have a route to the internet bypassing the firewall? If it does, you can simply disable syn-seq check and that should do the job.

     

    If the return path from Server to Internet is also routed through the firewall, you can selectively bypass the return traffic from the flow module. In this case the firewall will simply act as a router, no firewalling services.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB26757

     

    I hope this helps. Regards,

     

    Vikas
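
Added example, not part of any post above: Junos `set` commands for the two approaches the replies describe, disabling the TCP SYN and sequence checks (reply 3) and selectively bypassing the flow module for the server's return traffic (reply 4). The filter name `bypass-flow`, the interface `ge-0/0/1` and the server address `192.0.2.10` are assumed placeholders, not values from the thread.

```junos
# --- Option A: server replies leave by another path (internet-->SRX-->Server, Server-->internet)
# The SRX only ever sees one direction of each TCP connection, so the
# flow module's handshake and sequence-number validation has to be relaxed.
# Both settings apply to all TCP sessions on the device, not just this server.
set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check
# Effect to be aware of: with no-syn-check, a session can be created by a
# TCP packet that is not a SYN, as long as a security policy permits it.

# --- Option B: return traffic still crosses the SRX, but should skip flow processing
# Selective packet mode: a stateless firewall filter marks the server's
# outbound traffic so it bypasses the flow module. Traffic matched by the
# packet-mode term is only routed; no session is created for it and no
# security policy, NAT or UTM is applied to it.
# Assumption: 192.0.2.10 is the server, ge-0/0/1 is the server-facing interface.
set firewall family inet filter bypass-flow term server-return from source-address 192.0.2.10/32
set firewall family inet filter bypass-flow term server-return then packet-mode
# Everything else on the interface continues through normal flow processing.
set firewall family inet filter bypass-flow term everything-else then accept
set interfaces ge-0/0/1 unit 0 family inet filter input bypass-flow

# Review before committing, and verify afterwards from operational mode:
#   show security flow session destination-prefix 192.0.2.10
#   show firewall filter bypass-flow
```

Option A and Option B address different topologies; apply the one that matches how the server's return path is actually routed.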