How to log out of state sessions on Juniper SRX platform

juniper, juniper-srx, logging, srx

I am really having trouble getting our SRXes to log sessions that are not in the state table and get dropped because of that.

For example, if you reboot the firewall and some old NFS implementation keeps sending traffic through the same session, once the SRX comes back it drops those packets because it didn't see a three-way handshake. However, it doesn't log those drops. Yes, logging on the cleanup rule is enabled.

Best Answer

Packets should be classified regardless of whether the TCP handshake is watched or not. If there isn't a session defined for that flow (fast path), a new one should be created (first path).

Do you have any screen configured? Maybe it's the screen that's dropping the traffic.

More details on Troubleshooting Traffic Flows and Session Establishment

Maybe you can configure a log file with traceoptions:

security {
    flow {
        traceoptions {
            file trace_file;
            flag basic-datapath;
            packet-filter Match {
                protocol tcp;
                source-prefix <source-ip>;
                destination-prefix <dest-ip>;
                destination-port <tcp-port>;
            }
        }
    }
}

Beware of these traces, since they can cause high CPU load on the SRX if it's carrying a lot of traffic. Limit the filter as much as possible and run it during a maintenance window.
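The same trace setup as a complete operator workflow, written in Junos set syntax. This is an added example by the editor, not part of the answer above: the addresses (10.0.0.10 for the NFS client, 10.0.1.20 for the NFS server), the port (2049) and the file size limits are placeholders to replace with your own flow. It adds what the answer's fragment leaves implicit: bounding the trace file, reading the result, checking whether a session was created at all, and switching the trace off again.

```junos
# Added example (editor's, not the answer's own config). Placeholder values:
# 10.0.0.10 = NFS client, 10.0.1.20 = NFS server, 2049 = NFS TCP port.

configure

# Cap the trace file so it cannot fill the routing engine's /var/log
set security flow traceoptions file trace_file size 10m files 3
set security flow traceoptions flag basic-datapath

# Match only the flow you are troubleshooting; a wide filter means high CPU
set security flow traceoptions packet-filter Match protocol tcp
set security flow traceoptions packet-filter Match source-prefix 10.0.0.10/32
set security flow traceoptions packet-filter Match destination-prefix 10.0.1.20/32
set security flow traceoptions packet-filter Match destination-port 2049

commit and-quit

# Reproduce the traffic, then read the trace and keep only lines for this flow
show log trace_file | match 10.0.0.10

# Check whether the flow ever got a session; a packet dropped in flow processing
# before session creation never reaches policy lookup, so the cleanup rule's
# policy log cannot fire for it
show security flow session source-prefix 10.0.0.10 destination-prefix 10.0.1.20

# Stop tracing as soon as you have the drop reason (flow traces are CPU-heavy)
configure
deactivate security flow traceoptions
commit and-quit
```

Keep the packet-filter as narrow as shown (single /32 prefixes and one destination port) and deactivate the traceoptions in the same maintenance window; `deactivate` leaves the configuration in place for the next time without the trace running.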