
Re: Unable to ping default gw from SRX240 cluster Node0 using fxp0


Hi Ashvin,

Do you have any idea? Or should I give up on OOB management?

Best Regards

 

Edson


SRX300 - internet ping okay, website access not possible


Hello,

 

I'm facing a strange issue. Our SRX300 is the firewall in front of our router and connected to the internet. The firewall can successfully ping external addresses and so can the clients in the internal network.

But opening a website in a browser is not possible. I configured a policy that allows any access from internal to external, but it didn't solve the problem.

Maybe some of you guys see the problem, I bet it's a small one, but I'm getting blind to it.

Here's the config, any help is very much appreciated:

 

## Last changed: 2016-09-22 15:38:31 GMT+1
version 15.1X49-D45;
system {
    host-name xxx;
    time-zone GMT+1;
    root-authentication {
        encrypted-password "xxx/";
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
        208.67.222.222;
        208.67.220.220;
    }
    name-resolution {
        no-resolve-on-input;
    }
    login {
        user admin {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "xxx";
            }
        }
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface ge-0/0/1.0;
            }
            https {
                system-generated-certificate;
                interface ge-0/0/1.0;
            }
            session {
                idle-timeout 60;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server us.ntp.pool.org;
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set internal-to-internet {
                from zone Internal;
                to zone Internet;
                rule internet-access {
                    match {
                        source-address 10.55.32.0/19;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone Internal to-zone Internet {
            policy allow-internal-clients {
                match {
                    source-address network_55;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Internal {
            address-book {
                address network_55 10.55.32.0/19;
            }
            interfaces {
                ge-0/0/1.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                            http;
                            https;
                            ssh;
                            telnet;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 83.xxx.xxx.205/29;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 10.55.32.2/19;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 83.xxx.xxx.201;
        route 10.55.32.0/19 next-hop 10.55.32.1;
    }
}

Re: Juniper SRX 100 no storage error

Strange behavior on srx345 in cluster mode.


Hi guys,

 

I have a strange behavior on two brand new SRX345s. In cluster mode, I can't ping the reth0 interface from the outside. Let's get to the point first: the reth0 interface is already set up in a security zone. The truly strange behavior is that if I rename the interface to reth1, it will run as expected. No firewall filters are used...

Any ideas?

 

Here is my config:

 

chassis {
    alarm {
        ethernet {
            link-down ignore;
        }
    }
    cluster {
        control-link-recovery;
        reth-count 3;
        network-management {
            cluster-master;
        }
        redundancy-group 0 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 1;
            preempt;
            gratuitous-arp-count 4;
        }
    }
}
security {
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                reth1.0;
            }
        }
        security-zone test {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                reth2.0;
            }
        }
        security-zone untrust {
            host-inbound-traffic {
                system-services {
                    ping;
                }
            }
            interfaces {
                reth0.0;
            }
        }
    }
}


interfaces {
    ge-0/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-0/0/5 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-0/0/7 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    ge-5/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    ge-5/0/5 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    ge-5/0/7 {
        gigether-options {
            redundant-parent reth1;
        }
    }
    fab0 {
        fabric-options {
            member-interfaces {
                ge-0/0/2;
            }
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-5/0/2;
            }
        }
    }
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 212.88.155.77/24;
            }
        }
    }
    reth1 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 212.88.155.76/24;
            }
        }
    }
    reth2 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 212.88.155.78/24;
            }
        }
    }
    st0 {
        unit 0 {
            family inet {
                address 10.0.4.1/28;
            }
        }
    }
}

Re: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)


There is an issue if you are trying to terminate the VPN on IRB interfaces.  Can you provide the config and ike logs?

Re: SRX300 - internet ping okay, website access not possible

Re: SRX Syn problem


I got a pcap of the traffic from the SRX and I realized that it answered %3.7 of the SYN traffic with SYN-ACK.

 

 

 

Re: services dhcp-local-server vs service dhcp and vlan


Thanks for your help.

Anyway, after upgrading the SRX240 to 12.1X46-D40.2 and doing a factory reset, the default configuration still has "service dhcp pool" instead of JDHCP.

 

 

 


system name-server apply to all jdhcp pool


Hi all,

 

Is it possible to apply the "system name-server" value to all JDHCP pools instead of repeating the name-server inside each pool?

I have more than 20 pools, so it is quite a waste of lines/space.

 

pool LAN115 {
    family inet {
        network 192.168.115.0/24;
        range wired {
            low 192.168.115.50;
            high 192.168.115.254;
        }
        dhcp-attributes {
            name-server {
                8.8.8.8;
            }
            router {
                192.168.115.1;
            }
        }
    }
}

 

detect unused objects in SRX Firewall


I have 3 firewalls with several hundred custom applications, application sets, address and address sets, however they are not all in use by policies.  Is there a way to determine which ones are in use and which ones are not in use?

 

Thanks

Re: system name-server apply to all jdhcp pool

Re: Strange behavior on srx345 in cluster mode.


I had the same issue, and when I disabled the member interface of the reth on the passive device, it worked. Actually the SRX load-balances the packets across the member interfaces of the reth, so when a packet goes to the passive node's interface it gets dropped. It should be an issue of this newest version.

Re: detect unused objects in SRX Firewall


You need to verify these against configured applications, application sets, address and address sets, in policies 

Re: detect unused objects in SRX Firewall


Aside from noting each application, application-set, address, and address set, then cross-referencing them against all policies by hand, I was looking for a tool or script that would help automate this.  There are a few 1000 total objects I have to verify against.
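The cross-referencing asked about in this thread can be scripted. The following is an added example, not part of any post in the thread and not a Juniper tool: it reads configuration in `show configuration | display set` form and lists address, address-set, application and application-set objects that no security policy reaches, directly or through a set. The sample configuration is constructed, names are assumed to be unquoted and unique across address books, and only security policies are checked, so objects referenced elsewhere (for example from NAT rules) still need a manual look before deletion.

```python
import re
from collections import defaultdict

# Constructed sample in "display set" form (not taken from the thread).
SAMPLE_CONFIG = """\
set security zones security-zone Internal address-book address network_55 10.55.32.0/19
set security zones security-zone Internal address-book address old_printer 10.55.33.9/32
set security zones security-zone Internal address-book address db1 10.55.40.10/32
set security zones security-zone Internal address-book address db2 10.55.40.11/32
set security zones security-zone Internal address-book address-set db_servers address db1
set security zones security-zone Internal address-book address-set db_servers address db2
set security zones security-zone Internal address-book address-set legacy_hosts address old_printer
set applications application tcp_8443 protocol tcp
set applications application tcp_8443 destination-port 8443
set applications application tcp_9000 protocol tcp
set applications application tcp_9000 destination-port 9000
set applications application-set web_apps application tcp_8443
set applications application-set web_apps application junos-https
set security policies from-zone Internal to-zone Internet policy allow-internal-clients match source-address network_55
set security policies from-zone Internal to-zone Internet policy allow-internal-clients match destination-address any
set security policies from-zone Internal to-zone Internet policy allow-internal-clients match application web_apps
set security policies from-zone Internal to-zone Internet policy allow-internal-clients then permit
set security policies from-zone Internal to-zone Internet policy allow-db match source-address db_servers
set security policies from-zone Internal to-zone Internet policy allow-db match destination-address any
set security policies from-zone Internal to-zone Internet policy allow-db match application junos-ssh
"""

# Zone-attached and global/named address books share the same tail syntax.
ABOOK = r"set security (?:zones security-zone \S+ address-book|address-book \S+)"

# (family, kind, regex): group 1 is the object name, group 2 a set member.
DEFINITIONS = [
    ("addr", "object", re.compile(ABOOK + r" address (\S+) ")),
    ("addr", "set", re.compile(
        ABOOK + r" address-set (\S+) (?:address|address-set) (\S+)$")),
    ("app", "object", re.compile(r"set applications application (\S+) ")),
    ("app", "set", re.compile(
        r"set applications application-set (\S+) "
        r"(?:application|application-set) (\S+)$")),
]

# Match clauses of zone-to-zone and global security policies.
POLICY = re.compile(
    r"set security policies (?:from-zone \S+ to-zone \S+|global) policy \S+ "
    r"match (source-address|destination-address|application) (\S+)$")


def find_unused(config_text):
    """Return {'addr': [...], 'app': [...]} of defined but unreferenced names."""
    defined = {"addr": set(), "app": set()}
    members = {"addr": defaultdict(set), "app": defaultdict(set)}
    referenced = {"addr": set(), "app": set()}

    for raw in config_text.splitlines():
        line = raw.strip()
        m = POLICY.match(line)
        if m:
            family = "app" if m.group(1) == "application" else "addr"
            referenced[family].add(m.group(2))
            continue
        for family, kind, rx in DEFINITIONS:
            m = rx.match(line)
            if m:
                defined[family].add(m.group(1))
                if kind == "set":
                    members[family][m.group(1)].add(m.group(2))
                break

    unused = {}
    for family in ("addr", "app"):
        # Walk from policy references down through (possibly nested) sets.
        live, stack = set(), list(referenced[family])
        while stack:
            name = stack.pop()
            if name not in live:
                live.add(name)
                stack.extend(members[family].get(name, ()))
        # Built-ins such as "any" or junos-* are never in `defined`.
        unused[family] = sorted(defined[family] - live)
    return unused


if __name__ == "__main__":
    for family, names in find_unused(SAMPLE_CONFIG).items():
        print(family, names)
```

A set that no policy references is reported together with its members, so `legacy_hosts` and `old_printer` both appear for the sample above.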

Is there anybody who succeeded in using SYN cookie?


We have tested too many times with a very, very simple config.

This is the result of the stress test:

http://www.filedropper.com/my-capturebuyuk2 You should download the pcap file and check whether the SYN -> SYN-ACK mechanism works or not. Our config is given below, and we tested the same config on 6+ different firmware versions.

If we have made a mistake, please, somebody tell me that I am wrong.

 

## Last changed: 2016-09-22 22:37:13 UTC
version 12.1X47-D40.1;
groups {
    jweb-security-logging {
        system {
            syslog {
                file mylog {
                    any any;
                    archive files 1;
                    structured-data;
                }
            }
        }
    }
}
system {
    time-zone UTC;
    root-authentication {
    }
    name-server {
        195.175.39.39;
        8.8.8.8;
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface [ xe-1/0/0.0 xe-1/0/1.0 ae1.0 ];
            }
        }
    }
    syslog {
        file messages {
            any any;
            match RT_Screen;
        }
        file mylog {
            any any;
            archive files 1;
            structured-data;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
chassis {
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
}
interfaces {
    ge-0/0/0 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/1 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/2 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/3 {
        gigether-options {
            802.3ad ae1;
        }
    }
    ge-0/0/7 {
        unit 0 {
            family inet {
                address 37.123.98.137/29;
            }
        }
    }
    xe-1/0/0 {
        unit 0 {
            family inet {
                address 178.20.225.18/29;
            }
        }
    }
    xe-1/0/1 {
        unit 0 {
            family inet {
                address 10.10.10.9/30;
            }
        }
    }
    xe-4/0/0 {
        unit 0 {
            family inet {
                address 10.10.10.17/30;
            }
        }
    }
    ae1 {
        description DownStream;
        aggregated-ether-options {
            minimum-links 1;
            lacp {
                active;
                periodic fast;
            }
        }
        unit 0 {
            family inet {
                address 10.10.10.21/30;
            }
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 192.168.1.82/32;
            }
        }
    }
}
snmp {
    location izmir;
    contact "Cahit Eyigunlu";
    community SALAY {
        authorization read-only;
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 178.20.225.17;
    }
}
policy-options {
    policy-statement send-direct {
        term 1 {
            from protocol direct;
            then accept;
        }
    }
}
security {
    log {
        mode event;
    }
    alg {
        ftp disable;
        msrpc disable;
        sunrpc disable;
        rsh disable;
        sip;
        sql disable;
        talk disable;
        tftp disable;
        pptp disable;
        ike-esp-nat {
            enable;
        }
    }
    flow {
        allow-dns-reply;
        syn-flood-protection-mode syn-cookie;
        aging {
            early-ageout 20;
            low-watermark 100;
            high-watermark 100;
        }
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ip-sweep threshold 1000000;
                fragment;
                large;
                flood threshold 8000;
                ping-death;
            }
            ip {
                bad-option;
                record-route-option;
                timestamp-option;
                security-option;
                stream-option;
                spoofing;
                source-route-option;
                loose-source-route-option;
                strict-source-route-option;
                unknown-protocol;
                block-frag;
                tear-drop;
            }
            tcp {
                syn-fin;
                fin-no-ack;
                tcp-no-flag;
                syn-frag;
                port-scan threshold 1000000;
                syn-ack-ack-proxy threshold 1000;
                syn-flood {
                    alarm-threshold 25;
                    attack-threshold 20;
                    source-threshold 50;
                    destination-threshold 1000;
                    timeout 20;
                }
                land;
                winnuke;
                tcp-sweep threshold 1000;
            }
            limit-session {
                source-ip-based 200;
            }
        }
        traceoptions {
            file screen.log;
            flag all;
        }
    }
    forwarding-process {
        application-services {
            session-distribution-mode hash-based;
        }
    }
    policies {
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
        from-zone trust to-zone trust {
            policy icnetwork {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-init;
                    }
                }
            }
        }
        from-zone untrust to-zone untrust {
            policy DisNetwork {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        default-policy {
            permit-all;
        }
    }
    datapath-debug {
        capture-file my-capture format pcap size 10m files 5;
        maximum-capture-size 1500;
        action-profile {
            do-capture {
                event np-egress {
                    packet-dump;
                }
                event np-ingress {
                    packet-dump;
                }
            }
        }
        packet-filter my-filter {
            action-profile do-capture;
            source-prefix 0.0.0.0/0;
        }
    }
    zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                xe-4/0/0.0;
                ae1.0;
                ge-0/0/7.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                xe-1/0/1.0;
                xe-1/0/0.0;
            }
            application-tracking;
        }
    }
}

Re: Is there anybody who succeeded in using SYN cookie?


Error logs : 

Sep 22 22:52:58   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 22:52:58   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 204.79.138.127:56907, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 22:52:59   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 155.10.56.125:8207, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 22:52:59   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 22:52:59   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 100.186.118.101:32720, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 22:53:00   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:24   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 1.111.163.5:49285, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:24   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 119.147.40.32:17350, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:25   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:25   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 209.26.49.108:63269, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:25   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 123.145.217.59:38986, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:26   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:26   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 114.126.100.122:59025, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:26   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 3.123.82.107:48435, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:27   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:27   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 112.121.166.68:47931, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:27   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 175.131.140.91:2293, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:28   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:28   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 211.80.5.98:22514, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:28   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 49.170.242.101:18486, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:29   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:29   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 26.78.167.59:53609, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:29   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 176.197.136.38:22250, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:30   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:30   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 64.176.68.53:55422, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:30   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 96.242.48.125:41257, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:31   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:31   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 202.120.84.65:1569, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:31   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 30.150.27.115:11513, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:32   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:32   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 145.132.17.112:32269, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:32   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 166.55.150.95:30200, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:33   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop
Sep 22 23:02:33   RT_IDS: RT_SCREEN_TCP: SYN flood Dst-IP based! source: 165.0.105.48:50249, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:33   RT_IDS: RT_SCREEN_TCP: SYN flood Src-IP based! source: 83.22.50.57:29035, destination: 37.123.98.138:80, zone name: untrust, interface name: xe-1/0/0.0, action: drop
Sep 22 23:02:34   RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop

 

Session logs :

 

policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001097" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4026->37.123.98.138/34063 icmp 78.174.238.0/4026->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 220001097 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:22.788Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4023" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4023" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001096" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="4" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4023->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4023->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 220001096 1(84) 1(84) 4 N/A N/A No<14>1 2016-09-22T23:06:22.840Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4024" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4024" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" 
session-id-32="240001111" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="3" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4024->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4024->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 240001111 1(84) 1(84) 3 N/A N/A No<14>1 2016-09-22T23:06:22.930Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4027" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4027" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001112" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4027->37.123.98.138/34063 icmp 78.174.238.0/4027->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 240001112 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:23.795Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="179.156.247.71" source-port="37953" destination-address="37.123.98.142" destination-port="23" service-name="junos-telnet" nat-source-address="179.156.247.71" nat-source-port="37953" nat-destination-address="37.123.98.142" nat-destination-port="23" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000551" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" 
encrypted="UNKNOWN"] session created 179.156.247.71/37953->37.123.98.142/23 junos-telnet 179.156.247.71/37953->37.123.98.142/23 N/A N/A N/A N/A 6 default-permit untrust trust 140000551 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:23.944Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4028" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4028" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000552" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4028->37.123.98.138/34063 icmp 78.174.238.0/4028->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 140000552 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:24.095Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="idle Timeout" source-address="116.102.95.155" source-port="12116" destination-address="37.123.98.136" destination-port="23" service-name="junos-telnet" application="UNKNOWN" nested-application="UNKNOWN" nat-source-address="116.102.95.155" nat-source-port="12116" nat-destination-address="37.123.98.136" nat-destination-port="23" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000543" packets-from-client="2" bytes-from-client="88" packets-from-server="0" bytes-from-server="0" elapsed-time="20" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed idle Timeout: 116.102.95.155/12116->37.123.98.136/23 junos-telnet UNKNOWN UNKNOWN 
116.102.95.155/12116->37.123.98.136/23 N/A N/A 6 default-permit untrust trust 140000543 2(88) 0(0) 20 N/A N/A No<14>1 2016-09-22T23:06:24.095Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4025" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4025" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000550" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="4" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4025->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4025->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 140000550 1(84) 1(84) 4 N/A N/A No<14>1 2016-09-22T23:06:24.580Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="200.127.163.230" source-port="21318" destination-address="37.123.98.137" destination-port="23" service-name="junos-telnet" nat-source-address="200.127.163.230" nat-source-port="21318" nat-destination-address="37.123.98.137" nat-destination-port="23" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001113" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="TELNET" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 200.127.163.230/21318->37.123.98.137/23 junos-telnet 200.127.163.230/21318->37.123.98.137/23 N/A N/A N/A N/A 6 default-permit untrust trust 240001113 N/A(N/A) xe-1/0/0.0 TELNET UNKNOWN 
UNKNOWN<14>1 2016-09-22T23:06:24.788Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4026" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4026" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001097" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="3" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4026->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4026->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 220001097 1(84) 1(84) 3 N/A N/A No<14>1 2016-09-22T23:06:24.937Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4029" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4029" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001099" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4029->37.123.98.138/34063 icmp 78.174.238.0/4029->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 220001099 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:24.946Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 
source-address="200.127.163.230" source-port="50687" destination-address="37.123.98.137" destination-port="23" service-name="junos-telnet" nat-source-address="200.127.163.230" nat-source-port="50687" nat-destination-address="37.123.98.137" nat-destination-port="23" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000553" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="TELNET" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 200.127.163.230/50687->37.123.98.137/23 junos-telnet 200.127.163.230/50687->37.123.98.137/23 N/A N/A N/A N/A 6 default-permit untrust trust 140000553 N/A(N/A) xe-1/0/0.0 TELNET UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:25.979Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4030" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4030" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001115" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4030->37.123.98.138/34063 icmp 78.174.238.0/4030->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 240001115 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<14>1 2016-09-22T23:06:26.094Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="idle Timeout" source-address="129.82.138.44" source-port="3860" destination-address="37.123.98.140" destination-port="6710" service-name="icmp" 
application="ICMP" nested-application="ICMP-ECHO" nat-source-address="129.82.138.44" nat-source-port="3860" nat-destination-address="37.123.98.140" nat-destination-port="6710" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000523" packets-from-client="1" bytes-from-client="32" packets-from-server="0" bytes-from-server="0" elapsed-time="60" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed idle Timeout: 129.82.138.44/3860->37.123.98.140/6710 icmp ICMP ICMP-ECHO 129.82.138.44/3860->37.123.98.140/6710 N/A N/A 1 default-permit untrust trust 140000523 1(32) 0(0) 60 N/A N/A No<14>1 2016-09-22T23:06:26.094Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4028" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4028" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="140000552" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="3" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4028->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4028->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 140000552 1(84) 1(84) 3 N/A N/A No<14>1 2016-09-22T23:06:26.832Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4027" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" 
nat-source-address="78.174.238.0" nat-source-port="4027" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001112" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="4" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4027->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4027->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 240001112 1(84) 1(84) 4 N/A N/A No<14>1 2016-09-22T23:06:26.832Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="TCP RST" source-address="200.127.163.230" source-port="21318" destination-address="37.123.98.137" destination-port="23" service-name="junos-telnet" application="TELNET" nested-application="UNKNOWN" nat-source-address="200.127.163.230" nat-source-port="21318" nat-destination-address="37.123.98.137" nat-destination-port="23" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001113" packets-from-client="2" bytes-from-client="80" packets-from-server="1" bytes-from-server="44" elapsed-time="3" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed TCP RST: 200.127.163.230/21318->37.123.98.137/23 junos-telnet TELNET UNKNOWN 200.127.163.230/21318->37.123.98.137/23 N/A N/A 6 default-permit untrust trust 240001113 2(80) 1(44) 3 N/A N/A No<14>1 2016-09-22T23:06:26.986Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4031" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4031" nat-destination-address="37.123.98.138" nat-destination-port="34063" 
src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001100" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4031->37.123.98.138/34063 icmp 78.174.238.0/4031->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 220001100 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<7>1 2016-09-22T23:06:27.414Z - /kernel - - - watchdog: Time since last watchdog strobe: 32<14>1 2016-09-22T23:06:27.979Z - RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.34 source-address="78.174.238.0" source-port="4032" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" nat-source-address="78.174.238.0" nat-source-port="4032" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001116" username="N/A" roles="N/A" packet-incoming-interface="xe-1/0/0.0" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"] session created 78.174.238.0/4032->37.123.98.138/34063 icmp 78.174.238.0/4032->37.123.98.138/34063 N/A N/A N/A N/A 1 default-permit untrust trust 240001116 N/A(N/A) xe-1/0/0.0 UNKNOWN UNKNOWN UNKNOWN<30>1 2016-09-22T23:06:27.984Z - telnetd 2125 - - ttloop:  peer died: Resource temporarily unavailable<28>1 2016-09-22T23:06:27.986Z - inetd 1234 - - /usr/libexec/telnetd[2125]: exited, status 1<14>1 2016-09-22T23:06:28.786Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4029" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" 
application="ICMP" nested-application="ICMP-ECHO" nat-source-address="78.174.238.0" nat-source-port="4029" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001099" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="4" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4029->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4029->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 220001099 1(84) 1(84) 4 N/A N/A No<14>1 2016-09-22T23:06:28.786Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="TCP FIN" source-address="200.127.163.230" source-port="49918" destination-address="37.123.98.137" destination-port="23" service-name="junos-telnet" application="TELNET" nested-application="UNKNOWN" nat-source-address="200.127.163.230" nat-source-port="49918" nat-destination-address="37.123.98.137" nat-destination-port="23" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="220001066" packets-from-client="8" bytes-from-client="359" packets-from-server="7" bytes-from-server="343" elapsed-time="38" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed TCP FIN: 200.127.163.230/49918->37.123.98.137/23 junos-telnet TELNET UNKNOWN 200.127.163.230/49918->37.123.98.137/23 N/A N/A 6 default-permit untrust trust 220001066 8(359) 7(343) 38 N/A N/A No<14>1 2016-09-22T23:06:28.836Z - RT_FLOW - APPTRACK_SESSION_CLOSE [junos@2636.1.1.1.2.34 reason="response received" source-address="78.174.238.0" source-port="4030" destination-address="37.123.98.138" destination-port="34063" service-name="icmp" application="ICMP" nested-application="ICMP-ECHO" 
nat-source-address="78.174.238.0" nat-source-port="4030" nat-destination-address="37.123.98.138" nat-destination-port="34063" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="1" policy-name="default-permit" source-zone-name="untrust" destination-zone-name="trust" session-id-32="240001115" packets-from-client="1" bytes-from-client="84" packets-from-server="1" bytes-from-server="84" elapsed-time="3" username="N/A" roles="N/A" encrypted="No"] AppTrack session closed response received: 78.174.238.0/4030->37.123.98.138/34063 icmp ICMP ICMP-ECHO 78.174.238.0/4030->37.123.98.138/34063 N/A N/A 1 default-permit untrust trust 240001115 1(84) 1(84) 3 N/A N/A No

Re: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)

Thanks for offering to help. I'm trying to get the IKE log. I just cleared it to generate some clean log but now nothing is being generated which is odd. Anyway, three configs attached:

1. SRX210 working config (static end. The box is in front of me)

2. SRX100 working config (dynamic end. The box is 7000 miles away)

3. SRX300 failed VPN config (meant to replace the SRX210)

IKE log to follow when I can get one. Cheers

P.S. I'm afraid I am a Junos novice if that's not already obvious :(

Re: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)

Fixed!

Apologies if I've wasted some time here. I've just found a problem with the SP gateway northbound of the SRX300. A reboot and the VPN tunnel is now up.

What's the appropriate action for a JNET thread that resolves itself like this? Do I somehow delete it to avoid irrelevant content?

Re: Strange behavior on srx345 in cluster mode.

I see that you have configured same-subnet IP addresses for multiple reth interfaces.

You could run show route and check the route that the SRX takes to respond.

Regards,

Raveen

Re: SSG5 vs SRX210H IPsec throughput performance, RTPERF_CPU_THRESHOLD_EXCEEDED

Even now, in 2016, SRX suffer poor performance with IPsec VPN. I've had throughput issues on SRX 220, 240, and 650. Even setting the recommended MTU and MSS sizes does not always fix the issue. Throughput in one direction is the expected 85% of line speed. The opposite direction is 10%.
