SRX Services Gateway

takes long time to commit when adding security policies

‎06-18-2019 06:53 PM

Hi Guys,

We are having a problem when saving/committing after we add a security policy on our SRX340; it takes ages, especially in J-Web. Actually, we've already configured 231 security policies and, on top of that, 200+ address books. Committing configs other than security policies is fine. Is there a way to speed up the commit when we add a security policy? Thanks.


Re: takes long time to commit when adding security policies

‎06-18-2019 08:42 PM

You can try it from the CLI; that should be much faster compared to J-Web.

In the CLI, if you still see the slow commit, then you can run the command 'commit | display detail' to see the whole commit process and find out where it takes longer to commit (e.g., which daemons).

display detail—(Optional) Monitors the commit process. 
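
One way to act on the 'commit | display detail' suggestion above, as an added example that is not part of the original thread: a small Python script that reads saved commit output and ranks the steps by how long each one ran before the next line appeared. It assumes each progress line has the shape "YYYY-MM-DD HH:MM:SS TZ: message"; the sample input, step names and timings are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample. Assumed line shape: "YYYY-MM-DD HH:MM:SS TZ: message".
# Step names and timings are invented for illustration, not captured output.
SAMPLE = """\
2019-06-18 18:53:01 UTC: obtaining lock for commit (constructed)
2019-06-18 18:53:02 UTC: exporting configuration (constructed)
2019-06-18 18:53:05 UTC: signaling security policy daemon (constructed)
2019-06-18 18:54:47 UTC: signaling routing daemon (constructed)
2019-06-18 18:54:48 UTC: commit wrapup (constructed)
commit complete
"""

LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+: (.+)$")

def step_durations(text):
    """Return [(seconds, message)], charging each step the time until the next one."""
    steps = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # lines without a timestamp (e.g. "commit complete") are skipped
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            steps.append((ts, m.group(2)))
    return [((nxt - ts).total_seconds(), msg)
            for (ts, msg), (nxt, _) in zip(steps, steps[1:])]

def slowest(text, n=3):
    """The n steps with the largest gap before the next timestamped line."""
    return sorted(step_durations(text), key=lambda d: d[0], reverse=True)[:n]

if __name__ == "__main__":
    for secs, msg in slowest(SAMPLE):
        print(f"{secs:6.0f}s  {msg}")
```

Running it against output captured during a policy-only commit and again during a commit of other configuration makes it easy to see which step accounts for the difference.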


Re: takes long time to commit when adding security policies

‎06-18-2019 11:19 PM

Hi,

The CLI is fine, no problem with it. My colleagues are not familiar with the command line in Junos. Hoping there's still a way using J-Web.


Re: takes long time to commit when adding security policies

‎06-19-2019 09:28 AM

Hi K1mffrey,

 

Please check out this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB28402&cat=SRX_1400&actp=LIST to see if any of the steps listed here helps the slowness you are encountering.

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

 

Regards,

HS


Re: takes long time to commit when adding security policies

‎06-19-2019 11:14 AM

Are you running Junos Recommended code for SRX340?

 

15.1X49-D170: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476

 

 

 

Please mark my answer as the Solution if it applies.

Re: takes long time to commit when adding security policies

‎06-19-2019 08:00 PM

Hi,

The problem is only when committing/saving after adding a security policy; other config, like adding security zones/interfaces, is fine when committing. No problem navigating J-Web either.


Re: takes long time to commit when adding security policies

‎06-20-2019 05:00 PM

K1mffrey

 

Maybe you can configure security-policies traceoptions and try the J-Web commit and confirm if you can find any problem:

 

# set security policies traceoptions file TRACE
# set security policies traceoptions file size [max_size]
# set security policies traceoptions flag all

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

 

Feel free to attach the file so we can help you as well.

 

Please mark my answer as the Solution if it applies.

Re: takes long time to commit when adding security policies

‎06-21-2019 07:49 AM

Hi K1mffrey,

 

Understood, thanks for this information. This delay could probably be because of the number of security policies you have in place on the device.

 

If you/your team is interested in making changes on the SRX via GUI, then you could consider using Junos Space:

 

https://www.juniper.net/us/en/products-services/network-management/junos-space-platform/

 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!

 

Regards,

HS

 


Re: takes long time to commit when adding security policies

‎06-22-2019 09:51 PM

Hi there,

 

Could you perhaps monitor/collect the output of 'show chassis routing-engine' and 'show system processes extensive' iteratively while you do the policy test via Jweb?

 

Also, what Junos code are you at?

 

Cheers

Pooja