On SRX5600 and SRX5800 devices, the out-of-band management interface fxp0 has a non-Juniper MAC address. Juniper devices normally use Juniper MAC addresses on their interfaces. However, there is an exception with the out-of-band management interface fxp0 on the SRX5600 and SRX5800 platforms, where the MAC address is not from a Juniper MAC address … [Read more...]
MTU value of the secure tunnel interface
This article describes the issue of the inet MTU value not reverting to its default value when the inet MTU configuration is removed. The default inet MTU for the secure tunnel interface is 9192. When modifying this value, you need to be aware of the following issue: When inet MTU is configured at the same time as the interface family is configured, the inet MTU will … [Read more...]
How to find routes that are older or newer than a specific time
How to find flapped routes that are older or newer than a specific time. In some circumstances, such as when you need to find the most recent flapped routes, you need to find the routes that are newer than a specific time. Usually this is done by manually post-processing the output from the show route command to find the routes. You can also use a hidden CLI command to do … [Read more...]
RTLOGD_GET_TNP_ADDRESS_FAILED
The RTLOGD_GET_TNP_ADDRESS_FAILED message is reported in the system message file whenever the J-series Services Router (JSR) log daemon fails to determine the local TNP address used to receive the JSR log. This article documents an approach to troubleshoot this problem. This message is generated by the system log utility for real-time processing of packets for security control … [Read more...]
RTLOGD_DAEMONIZE_FAILED
The RTLOGD_DAEMONIZE_FAILED message is reported in the system message file whenever the J-series Services Router (JSR) log daemon cannot create a version of itself to run in the background as a daemon. This article documents an approach to troubleshoot this problem. This message is generated by the system log utility for real-time processing of packets for security … [Read more...]
How to modify TCP socket connections between SRX and TSC?
How to modify TCP socket connections between SRX and TSC, using a hidden command. In enhanced web filtering (EWF), SRX makes TCP socket connections to the TSC server. Multiple TCP connections need to be established from SRX to the TSC server. SRX sends requests to the TSC using one of the available connections using a round-robin algorithm. Using more sessions is not … [Read more...]
RTLOGD_EVLIB_FAILURE
The JSR log daemon called the indicated event library function. The function failed with the indicated error. The RTLOGD_EVLIB_FAILURE message is logged each time the log daemon fails a function call to the event library. When an RTLOGD_EVLIB_FAILURE occurs, a message similar to the following is reported: rtlogd[3758]: RTLOGD_EVLIB_FAILURE: evMainLoop failed: Invalid … [Read more...]
How to calculate SPU memory usage
How to calculate memory usage in the SPU or PFE in the dataplane from the CLI output of 'show security monitoring fpc X'. Goals: to calculate memory in the SPU or PFE in the dataplane, and to provide a guideline for understanding the memory map in the SPU and figuring out which modules are using SPU memory. Memory utilization from CLI 'show security monitoring fpc X' is based on the output of 'show memory' and … [Read more...]
How many RTSP modes are supported by SRX?
This article introduces the RTSP modes supported by SRX. There are three modes in RTSP: (1) Control channel uses TCP, media channel uses UDP. (2) Control and media channels use the same TCP channel (interleave mode). (3) Control and media channels use different TCP channels. Currently, ALG RTSP supports mode 1 and mode 2 (in 11.2, extra configuration is needed). SRX does not support … [Read more...]
How to block Ultrasurf using Application Firewall settings
This article describes the configuration steps to block UltraSurf on SRX firewalls using the Application Firewall feature. UltraSurf is a privacy application used to hide a user's Internet activity. Traffic from this application is indistinguishable from generic SSL traffic. Downloaders of this application may be attempting to disguise their internet traffic. The article provides … [Read more...]