SRX Services Gateway

Use SRX for only incoming packets

‎07-30-2019 07:40 PM

Is there any way to use the SRX for only incoming packets? I don't want to return traffic to the SRX. If I change the default route of the server to go directly to the internet, the SRX drops the packets because they are not in the session table.

internet-->SRX-->Server

Server-->internet

 

Re: Use SRX for only incoming packets

‎07-30-2019 07:50 PM

Hi John,

SRX by default is in flow mode, where the traffic is processed based on the state and session.

SRX can also work in packet mode on the branch devices, where the session table is not created, but changing the mode is global, and in packet mode NAT, UTM and other security features do not work.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461

Hope this helps.

Thanks,
Pradeep
Solution
Accepted by topic author JohnTucker
‎08-01-2019 03:38 AM

Re: Use SRX for only incoming packets

‎07-30-2019 07:53 PM

Disable TCP SYN and sequence check. Please follow this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21266&actp=METADATA

Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)

Re: Use SRX for only incoming packets

‎07-30-2019 08:40 PM

Hi John,

To understand the requirement better: does the server have a route to the internet bypassing the firewall? If it does, you can simply disable syn-seq check and that should do the job.

If the return path from server to internet is also routed through the firewall, you can selectively bypass the return traffic from the flow module. In this case the firewall will simply act as a router, with no firewalling services.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26757

I hope this helps. Regards,

Vikas
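
The change that the accepted reply and the last reply refer to, as an added Junos configuration sketch that is not part of the original posts or the linked KB articles: it turns off the global TCP SYN and sequence checks, then turns both back on per policy for traffic that still passes through the SRX in both directions. The zone names (`untrust`, `mgmt`), the policy names (`to-mgmt-hosts`, `to-asym-server`) and the address `192.0.2.10` are assumptions, and the policies are assumed to exist already with their match conditions.

```junos
# Added example; zone names, policy names and addresses are hypothetical.

# Global: let a session be created by a non-SYN first packet and stop
# validating TCP sequence numbers, since the SRX sees one direction only.
set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check

# Keep both checks for traffic that is still symmetric through the SRX.
# These per-policy options override the global no-syn-check and
# no-sequence-check settings for sessions matching that policy.
set security policies from-zone untrust to-zone mgmt policy to-mgmt-hosts then permit tcp-options syn-check-required
set security policies from-zone untrust to-zone mgmt policy to-mgmt-hosts then permit tcp-options sequence-check-required

# The policy toward the asymmetrically routed server (to-asym-server)
# gets no tcp-options, so it follows the relaxed global behaviour.

# Review the candidate configuration, validate it, then commit.
show | compare
commit check
commit

# Verify the flow settings and look at sessions toward the server.
run show configuration security flow | display set
run show security flow session destination-prefix 192.0.2.10
```

With both checks off, the SRX no longer validates TCP handshake state or sequence numbers for traffic matching the relaxed policies, so keep those policies as narrow as the server's addresses and ports allow.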