Quantcast
Channel: All SRX Services Gateway posts
Viewing all 17645 articles
Browse latest View live

Re: SRX 1400 is blocking packets for download during Debian Distribution installation

December 13, 2017, 9:48 am
$
0
0

When you test the successfull transfer is the SSG firewall also in the path?

The answer is yes, ssg firewall is also in the path for successful transfer.

 

What is the security policy that permits this http connect? Is there any IDP on it?

Security policy is created with source address: 172.29.3.32 (private ip), destination: any, application: any, then permit

No, there is no IDP on SRX 1400.

 

Traceoption is run for Source IP: 172.29.3.32   Destination IP: 83.166.201.99

Traceoption result is attached.

 

Please suggest why SRX1400 is blocking this download.

 

Search

Re: SRX 1400 is blocking packets for download during Debian Distribution installation

December 13, 2017, 9:51 am
$
0
0

Traceoption logs:

Dec 13 22:24:46 22:24:46.529979:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.530029:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:Installing c2s NP session wing
 
Dec 13 22:24:46 22:24:46.530038:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_session: install np cache
 
Dec 13 22:24:46 22:24:46.530048:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_session: install normal np cache
 
Dec 13 22:24:46 22:24:46.530060:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:np_cache_qualify: traffic color 1 threshold (0)
 
Dec 13 22:24:46 22:24:46.530071:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:installing both NP session
 
Dec 13 22:24:46 22:24:46.530083:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session_: got child ifl 254 from natp (0x86c4bc60) queued mbuf 0x2815c400
 
Dec 13 22:24:46 22:24:46.530102:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session_: Flow installing NP session for nsp-0x86c4bc60, ifname -reth1.1301, if_info=254
 
Dec 13 22:24:46 22:24:46.530128:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session_: Turning on SZ for sess id 922329
 
Dec 13 22:24:46 22:24:46.530146:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session: spu hash mode 0
 
Dec 13 22:24:46 22:24:46.530156:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:Installing s2c NP session wing
 
Dec 13 22:24:46 22:24:46.530163:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_session: install np cache
 
Dec 13 22:24:46 22:24:46.530172:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_session: install normal np cache
 
Dec 13 22:24:46 22:24:46.530183:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:np_cache_qualify: traffic color 1 threshold (0)
 
Dec 13 22:24:46 22:24:46.530193:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:installing both NP session
 
Dec 13 22:24:46 22:24:46.530203:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:ae/reth's np session child ifl index 338
 
Dec 13 22:24:46 22:24:46.530212:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session_: Flow installing NP session for nsp-0x86c4bd18, ifname -reth5.943, if_info=338
 
Dec 13 22:24:46 22:24:46.530235:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session_: Turning on SZ for sess id 922329
 
Dec 13 22:24:46 22:24:46.530247:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_spu_install_np_normal_session: spu hash mode 0
 
Dec 13 22:24:46 22:24:46.530259:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RTSmiley FrustratedPU flow flush 1 paks for natp (0x86c4bc60), lock:1
 
Dec 13 22:24:46 22:24:46.530273:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:Fwd packet with rtbl idx 0, cos 0, rl 0
 
Dec 13 22:24:46 22:24:46.530292:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RTSmiley FrustratedPU flush pkt,flag:8401, session:E12D9
 
Dec 13 22:24:46 22:24:46.530339:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:Got CP ack for session 922329.  P->V success
 
Dec 13 22:24:46 22:24:46.528331:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley FrustratedPU received an event,type SESS_MSG_PAK_W_PEND_CP_SESS, common:0
 
Dec 13 22:24:46 22:24:46.528346:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:Rcv packet with rtbl idx 0, cos 0, rl 0
 
Dec 13 22:24:46 22:24:46.528357:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley FrustratedPU received pak with event message from CP, source spu id 0cp_sess_id=862262 flag a
 
Dec 13 22:24:46 22:24:46.528392:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:46 22:24:46.528426:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley Tongueacket [60] ipid = 28403, @0xfad350e8
 
Dec 13 22:24:46 22:24:46.528437:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:---- flow_process_pkt: (thd 29): flow_ctxt type 19, common flag 0x0, mbuf 0x2815c400, rtbl_idx = 0
 
Dec 13 22:24:46 22:24:46.528456:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow process pak, mbuf 0x2815c400, ifl 77, ctxt_type 19 inq type 1
 
Dec 13 22:24:46 22:24:46.528472:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:46 22:24:46.528482:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:46 22:24:46.528494:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:host inq check inq_type 0x1
 
Dec 13 22:24:46 22:24:46.528503:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_process_pkt_exception: local_flag: 0x00000100
 
Dec 13 22:24:46 22:24:46.528519:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  reth1.1301:172.29.3.32/57732->83.166.201.99/80, tcp, flag 2 syn
 
Dec 13 22:24:46 22:24:46.528552:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: find flow: table 0x497d17f8, hash 70141(0x7ffff), sa 172.29.3.32, da 83.166.201.99, sp 57732, dp 80, proto 6, tok 6
 
Dec 13 22:24:46 22:24:46.528594:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  no session found, start first path. in_tunnel - 0x0, from_cp_flag - 2048
 
Dec 13 22:24:46 22:24:46.528613:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  flow_first_create_session
 
Dec 13 22:24:46 22:24:46.528632:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:First path alloc and instl pending session, natp=0x86c4bc60, id=922329
 
Dec 13 22:24:46 22:24:46.528648:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  flow_first_in_dst_nat: in <reth1.1301>, out <N/A> dst_adr 83.166.201.99, sp 57732, dp 80
 
Dec 13 22:24:46 22:24:46.528673:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  chose interface reth1.1301 as incoming nat if.
 
Dec 13 22:24:46 22:24:46.528687:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 83.166.201.99(80)
 
Dec 13 22:24:46 22:24:46.528719:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_routing: vr_id 0, call flow_route_lookup(): src_ip 172.29.3.32, x_dst_ip 83.166.201.99, in ifp reth1.1301, out ifp N/A sp 57732, dp 80, ip_proto 6, tos 0
 
Dec 13 22:24:46 22:24:46.528761:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley Very Happyoing DESTINATION addr route-lookup
 
Dec 13 22:24:46 22:24:46.528780:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_ipv4_rt_lkup success 83.166.201.99, iifl 0x0, oifl 0x0
 
Dec 13 22:24:46 22:24:46.528805:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  routed (x_dst_ip 83.166.201.99) from BLD-10-PC (reth1.1301 in 1) to reth5.943, Next-hop: 10.195.10.14
 
Dec 13 22:24:46 22:24:46.528843:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_policy_search: policy search from zone BLD-10-PC-> zone Internet-FW-Connect (0x0,0xe1840050,0x50)
 
Dec 13 22:24:46 22:24:46.528869:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley Tongueolicy lkup: vsys 0 zone(6:BLD-10-PC) -> zone(17:Internet-FW-Connect) scope:0
 
Dec 13 22:24:46 22:24:46.528885:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:             172.29.3.32/57732 -> 83.166.201.99/80 proto 6
 
Dec 13 22:24:46 22:24:46.528984:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  app 6, timeout 300s, curr ageout 20s
 
Dec 13 22:24:46 22:24:46.528997:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  permitted by policy EXEMPT-UAC(34)
 
Dec 13 22:24:46 22:24:46.529007:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  packet passed, Permitted by policy.
 
Dec 13 22:24:46 22:24:46.529022:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
 
Dec 13 22:24:46 22:24:46.529038:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_src_xlate:  incoming src port is : 57732.
 
Dec 13 22:24:46 22:24:46.529050:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_src_xlate: src nat returns status: 0, rule/pool id: 0/0, pst_nat: False.
 
Dec 13 22:24:46 22:24:46.529066:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  dip id = 0/0, 172.29.3.32/57732->172.29.3.32/57732 protocol 0
 
Dec 13 22:24:46 22:24:46.529103:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  choose interface reth5.943(P2P) as outgoing phy if
 
Dec 13 22:24:46 22:24:46.529118:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:is_loop_pak: No loop: on ifp: reth5.943, addr: 83.166.201.99, rtt_idx:0
 
Dec 13 22:24:46 22:24:46.529143:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  check nsrp pak fwd: in_tun=0x0, VSD 5 for out ifp reth5.943
 
Dec 13 22:24:46 22:24:46.529157:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  vsd 5 is active
 
Dec 13 22:24:46 22:24:46.529168:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:-jsf : Alloc sess plugin info for session 922329
 
Dec 13 22:24:46 22:24:46.529178:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:[JSF]Normal interest check. regd plugins 29, enabled impl mask 0x0
 
Dec 13 22:24:46 22:24:46.529199:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.529243:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: Allocating plugin info block for plugin(6)
 
Dec 13 22:24:46 22:24:46.529253:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:[JSF] set ext handle 0x345e4180 for plugin 6 on session 922329
 
Dec 13 22:24:46 22:24:46.529276:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: Allocating plugin info block for plugin(16)
 
Dec 13 22:24:46 22:24:46.529349:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:+++++++++++jsf_test_plugin_data_evh: 3
 
Dec 13 22:24:46 22:24:46.529374:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:[JSF]Plugins(0x10040, count 2) enabled for session = 922329, impli mask(0x40), post_nat cnt 0 svc req(0x5)
 
Dec 13 22:24:46 22:24:46.529396:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:[JSF]c2s order list:
 
Dec 13 22:24:46 22:24:46.529401:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:           6
 
Dec 13 22:24:46 22:24:46.529406:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:           16
 
Dec 13 22:24:46 22:24:46.529410:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:[JSF]s2c order list:
 
Dec 13 22:24:46 22:24:46.529417:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:           16
 
Dec 13 22:24:46 22:24:46.529421:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:           6
 
Dec 13 22:24:46 22:24:46.529432:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  service lookup identified service 6.
 
Dec 13 22:24:46 22:24:46.529440:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  flow_first_final_check: in <reth1.1301>, out <reth5.943>
 
Dec 13 22:24:46 22:24:46.529454:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:In flow_first_complete_session
 
Dec 13 22:24:46 22:24:46.529468:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_first_complete_session, pak_ptr: 0xdcfe7798, nsp: 0x86c4bc60, in_tunnel: 0x0
 
Dec 13 22:24:46 22:24:46.529486:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:construct v4 vector for nsp2
 
Dec 13 22:24:46 22:24:46.529493:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  existing vector list 0x80a2-0x340187e0.
 
Dec 13 22:24:46 22:24:46.529504:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  Session (id:922329) created for first pak 80a2
 
Dec 13 22:24:46 22:24:46.529516:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:first pak processing successful
 
Dec 13 22:24:46 22:24:46.529523:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  flow_first_install_session======> 0x86c4bc60
 
Dec 13 22:24:46 22:24:46.529535:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: nsp 0x86c4bc60, nsp2 0x86c4bd18
 
Dec 13 22:24:46 22:24:46.529546:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  make_nsp_ready_no_resolve()
 
Dec 13 22:24:46 22:24:46.529572:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_ipv4_rt_lkup success 172.29.3.32, iifl 0x0, oifl 0x0
 
Dec 13 22:24:46 22:24:46.529598:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  route lookup: dest-ip 172.29.3.32 orig ifp reth1.1301 output_ifp reth1.1301 orig-zone 6 out-zone 6 vsd 1
 
Dec 13 22:24:46 22:24:46.529626:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  route to 172.29.3.32
 
Dec 13 22:24:46 22:24:46.529643:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.529659:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_save_lpak_info_to_mbuf_common: setting flow_ctxt->iif to:0 based on keybuf iif.
Dec 13 22:24:46 22:24:46.529681:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:queue pak for pending session 922329, natp=0x86c4bc60, paks queued 1
 
Dec 13 22:24:46 22:24:46.529706:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RTSmiley FrustratedPU send install sess to CP cp_sess_id=000d2836, spu_sess_id=000e12d9, natp=0x86c4bc60
 
Dec 13 22:24:46 22:24:46.529728:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:first path session installation succeeded
 
Dec 13 22:24:46 22:24:46.529737:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:  flow found or created a pending session.
 
Dec 13 22:24:46 22:24:46.529748:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT:flow_process_pkt_exception: Freeing lpak 0xdcfe7798 associated with mbuf 0x2815c400
 
Dec 13 22:24:46 22:24:46.529764:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-29:RT: ----- flow_process_pkt rc 0x11 (fp rc 0)
 
 
Dec 13 22:24:46 22:24:46.705129:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:46 22:24:46.705162:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RTSmiley Tongueacket [52] ipid = 28404, @0xf990a8e8
 
Dec 13 22:24:46 22:24:46.705174:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:---- flow_process_pkt: (thd 13): flow_ctxt type 15, common flag 0x3, mbuf 0x2805a200, rtbl_idx = 0
 
Dec 13 22:24:46 22:24:46.705192:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow process pak, mbuf 0x2805a200, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:46 22:24:46.705208:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:46 22:24:46.705218:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: setting SZ flag in lpak 0xdeff7728, mbuf 0x2805a200, sess id 0xe12d9
 
Dec 13 22:24:46 22:24:46.705232:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:46 22:24:46.705244:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:host inq check inq_type 0x1
 
Dec 13 22:24:46 22:24:46.705253:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:46 22:24:46.705265:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:46 22:24:46.705280:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  flow session id 922329
 
Dec 13 22:24:46 22:24:46.705291:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.705298:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:46 22:24:46.705308:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  vsd 5 is active
 
Dec 13 22:24:46 22:24:46.705317:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:46 22:24:46.705333:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.705355:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557d4f8, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:46 22:24:46.705378:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.705392:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  tcp seq check.
                                        
Dec 13 22:24:46 22:24:46.705399:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: tcp 3way refresh, is_half_open:0, tcp_proxy enabled:0, is_fwauth:0
 
Dec 13 22:24:46 22:24:46.705412:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  refreshing session
 
Dec 13 22:24:46 22:24:46.705424:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:46 22:24:46.705436:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:mbuf 0x2805a200, exit nh 0x8b1d3c1
 
Dec 13 22:24:46 22:24:46.705447:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_process_pkt_exception: Freeing lpak 0xdeff7728 associated with mbuf 0x2805a200
 
Dec 13 22:24:46 22:24:46.705463:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:46 22:24:46.705501:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:46 22:24:46.705533:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RTSmiley Tongueacket [152] ipid = 28405, @0xf98608e8
 
Dec 13 22:24:46 22:24:46.705543:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:---- flow_process_pkt: (thd 13): flow_ctxt type 15, common flag 0x3, mbuf 0x28051a00, rtbl_idx = 0
 
Dec 13 22:24:46 22:24:46.705562:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow process pak, mbuf 0x28051a00, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:46 22:24:46.705577:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:46 22:24:46.705586:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: setting SZ flag in lpak 0xdeff7728, mbuf 0x28051a00, sess id 0xe12d9
 
Dec 13 22:24:46 22:24:46.705600:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:46 22:24:46.705612:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:host inq check inq_type 0x1
 
Dec 13 22:24:46 22:24:46.705621:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:46 22:24:46.705633:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:46 22:24:46.705648:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  flow session id 922329
 
Dec 13 22:24:46 22:24:46.705657:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.705664:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: vector bits 0x80a2 vector 0x340187e0
                                        
Dec 13 22:24:46 22:24:46.705675:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  vsd 5 is active
 
Dec 13 22:24:46 22:24:46.705685:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:46 22:24:46.705699:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.707399:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557d5c8, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:46 22:24:46.707419:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.707435:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:  tcp seq check.
 
Dec 13 22:24:46 22:24:46.707444:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:46 22:24:46.707457:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:mbuf 0x28051a00, exit nh 0x8b1d3c1
 
Dec 13 22:24:46 22:24:46.707467:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT:flow_process_pkt_exception: Freeing lpak 0xdeff7728 associated with mbuf 0x28051a00
 
Dec 13 22:24:46 22:24:46.707483:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-13:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:46 22:24:46.703993:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:<83.166.201.99/80->172.29.3.32/57732;6> matched filter MatchTraffic:
 
Dec 13 22:24:46 22:24:46.704031:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley Tongueacket [60] ipid = 0, @0xf92aa0e8
 
Dec 13 22:24:46 22:24:46.704041:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:---- flow_process_pkt: (thd 28): flow_ctxt type 15, common flag 0x2, mbuf 0x28008800, rtbl_idx = 0
 
Dec 13 22:24:46 22:24:46.704062:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow process pak, mbuf 0x28008800, ifl 172, ctxt_type 15 inq type 1
 
Dec 13 22:24:46 22:24:46.704076:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: in_ifp <Internet-FW-Connect:reth5.943>
 
Dec 13 22:24:46 22:24:46.704088:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: setting SZ flag in lpak 0xdd1e8728, mbuf 0x28008800, sess id 0xe12d9
 
Dec 13 22:24:46 22:24:46.704102:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:46 22:24:46.704116:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:host inq check inq_type 0x1
 
Dec 13 22:24:46 22:24:46.704125:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 0
 
Dec 13 22:24:46 22:24:46.704137:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:NP session id - 922329 returns Non-Init side nsp -0x86c4bd18
 
Dec 13 22:24:46 22:24:46.704155:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  flow session id 922329
 
Dec 13 22:24:46 22:24:46.704165:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:ha_ifp: reth5.943
 
Dec 13 22:24:46 22:24:46.704173:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:46 22:24:46.704185:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  vsd 5 is active
 
Dec 13 22:24:46 22:24:46.704197:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_tcp_wsf_update: wsf 7
 
Dec 13 22:24:46 22:24:46.704214:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ****jsf svc chain: sess id 922329, dir 2, nat_done 0, pak pid 0, first pid 16
 
Dec 13 22:24:46 22:24:46.704230:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.704244:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:46 22:24:46.704276:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557d1b8, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:46 22:24:46.704297:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: tcp 3way refresh, is_half_open:0, tcp_proxy enabled:0, is_fwauth:0
 
Dec 13 22:24:46 22:24:46.704314:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:46 22:24:46.704327:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:mbuf 0x28008800, exit nh 0x8bbbbc1
 
Dec 13 22:24:46 22:24:46.704338:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: Freeing lpak 0xdd1e8728 associated with mbuf 0x28008800
 
Dec 13 22:24:46 22:24:46.704354:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:47 22:24:47.171485:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:47 22:24:47.171526:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley Tongueacket [152] ipid = 28406, @0xf84ba8e8
                                        
Dec 13 22:24:47 22:24:47.171537:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:---- flow_process_pkt: (thd 28): flow_ctxt type 15, common flag 0x3, mbuf 0x27f56200, rtbl_idx = 0
 
Dec 13 22:24:47 22:24:47.171558:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow process pak, mbuf 0x27f56200, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:47 22:24:47.171573:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:47 22:24:47.171585:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: setting SZ flag in lpak 0xdd1e8728, mbuf 0x27f56200, sess id 0xe12d9
 
Dec 13 22:24:47 22:24:47.171599:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:47 22:24:47.171614:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:host inq check inq_type 0x1
 
Dec 13 22:24:47 22:24:47.171623:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:47 22:24:47.171637:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:47 22:24:47.171653:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  flow session id 922329
 
Dec 13 22:24:47 22:24:47.171662:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  refreshing session
 
Dec 13 22:24:47 22:24:47.171673:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:ha_ifp: reth5.943
 
Dec 13 22:24:47 22:24:47.171682:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:47 22:24:47.171692:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  vsd 5 is active
 
Dec 13 22:24:47 22:24:47.171703:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:47 22:24:47.171719:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:47 22:24:47.171749:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557d698, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:47 22:24:47.171773:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:47 22:24:47.171787:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  tcp seq check.
 
Dec 13 22:24:47 22:24:47.171798:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
                                        
Dec 13 22:24:47 22:24:47.171810:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:mbuf 0x27f56200, exit nh 0x8b1d3c1
 
Dec 13 22:24:47 22:24:47.171822:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: Freeing lpak 0xdd1e8728 associated with mbuf 0x27f56200
 
Dec 13 22:24:47 22:24:47.171838:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:47 22:24:47.718538:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:47 22:24:47.718578:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley Tongueacket [152] ipid = 28407, @0xfae3e0e8
 
Dec 13 22:24:47 22:24:47.718589:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:---- flow_process_pkt: (thd 28): flow_ctxt type 15, common flag 0x3, mbuf 0x28169800, rtbl_idx = 0
 
Dec 13 22:24:47 22:24:47.718608:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow process pak, mbuf 0x28169800, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:47 22:24:47.718624:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:47 22:24:47.718635:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: setting SZ flag in lpak 0xdd1e8728, mbuf 0x28169800, sess id 0xe12d9
 
Dec 13 22:24:47 22:24:47.718651:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:47 22:24:47.718665:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:host inq check inq_type 0x1
 
Dec 13 22:24:47 22:24:47.718672:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:47 22:24:47.718685:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:47 22:24:47.718701:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  flow session id 922329
 
Dec 13 22:24:47 22:24:47.718714:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:ha_ifp: reth5.943
 
Dec 13 22:24:47 22:24:47.718721:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:47 22:24:47.718731:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  vsd 5 is active
 
Dec 13 22:24:47 22:24:47.718740:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:47 22:24:47.718757:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:47 22:24:47.718780:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557df88, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:47 22:24:47.718796:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:47 22:24:47.718812:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:  tcp seq check.
 
Dec 13 22:24:47 22:24:47.718819:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:47 22:24:47.718832:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:mbuf 0x28169800, exit nh 0x8b1d3c1
 
Dec 13 22:24:47 22:24:47.718842:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT:flow_process_pkt_exception: Freeing lpak 0xdd1e8728 associated with mbuf 0x28169800
 
Dec 13 22:24:47 22:24:47.718858:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-28:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:48 22:24:48.794085:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:48 22:24:48.794129:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RTSmiley Tongueacket [152] ipid = 28408, @0xfba5a0e8
 
Dec 13 22:24:48 22:24:48.794141:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:---- flow_process_pkt: (thd 15): flow_ctxt type 15, common flag 0x3, mbuf 0x28204800, rtbl_idx = 0
 
Dec 13 22:24:48 22:24:48.794161:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:flow process pak, mbuf 0x28204800, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:48 22:24:48.794175:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:48 22:24:48.794186:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: setting SZ flag in lpak 0xdebf5728, mbuf 0x28204800, sess id 0xe12d9
 
Dec 13 22:24:48 22:24:48.794200:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:48 22:24:48.794213:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:host inq check inq_type 0x1
 
Dec 13 22:24:48 22:24:48.794222:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:48 22:24:48.794236:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:48 22:24:48.794252:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:  flow session id 922329
 
Dec 13 22:24:48 22:24:48.794263:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:ha_ifp: reth5.943
 
Dec 13 22:24:48 22:24:48.794271:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:48 22:24:48.794282:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:  vsd 5 is active
 
Dec 13 22:24:48 22:24:48.794292:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:48 22:24:48.794308:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:48 22:24:48.794336:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x9557ed58, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:48 22:24:48.794355:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:48 22:24:48.794373:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:  tcp seq check.
 
Dec 13 22:24:48 22:24:48.794381:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:48 22:24:48.794395:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:mbuf 0x28204800, exit nh 0x8b1d3c1
 
Dec 13 22:24:48 22:24:48.794406:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT:flow_process_pkt_exception: Freeing lpak 0xdebf5728 associated with mbuf 0x28204800
 
Dec 13 22:24:48 22:24:48.794421:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-15:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:51 22:24:50.934888:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:51 22:24:50.934932:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RTSmiley Tongueacket [152] ipid = 28409, @0xfb3f98e8
 
Dec 13 22:24:51 22:24:50.934943:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:---- flow_process_pkt: (thd 14): flow_ctxt type 15, common flag 0x3, mbuf 0x281b2e00, rtbl_idx = 0
 
Dec 13 22:24:51 22:24:50.934963:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow process pak, mbuf 0x281b2e00, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:51 22:24:50.934979:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:51 22:24:50.934989:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: setting SZ flag in lpak 0xdedf6728, mbuf 0x281b2e00, sess id 0xe12d9
 
Dec 13 22:24:51 22:24:50.935004:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:51 22:24:50.935016:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:host inq check inq_type 0x1
 
Dec 13 22:24:51 22:24:50.935025:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:51 22:24:50.935037:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:51 22:24:50.935053:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:  flow session id 922329
 
Dec 13 22:24:51 22:24:50.935062:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:  refreshing session
 
Dec 13 22:24:51 22:24:50.935072:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:ha_ifp: reth5.943
 
Dec 13 22:24:51 22:24:50.935081:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:51 22:24:50.935090:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:  vsd 5 is active
 
Dec 13 22:24:51 22:24:50.935101:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:51 22:24:50.935115:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:51 22:24:50.935140:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x95585558, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:51 22:24:50.935157:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
 
Dec 13 22:24:51 22:24:50.935171:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:  tcp seq check.
 
Dec 13 22:24:51 22:24:50.935179:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:51 22:24:50.935192:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:mbuf 0x281b2e00, exit nh 0x8b1d3c1
 
Dec 13 22:24:51 22:24:50.935203:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT:flow_process_pkt_exception: Freeing lpak 0xdedf6728 associated with mbuf 0x281b2e00
 
Dec 13 22:24:51 22:24:50.935222:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-14:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
 
 
Dec 13 22:24:55 22:24:55.206420:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:<172.29.3.32/57732->83.166.201.99/80;6> matched filter MatchTraffic:
 
Dec 13 22:24:55 22:24:55.206461:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RTSmiley Tongueacket [152] ipid = 28410, @0xfa50b0e8
 
Dec 13 22:24:55 22:24:55.206474:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:---- flow_process_pkt: (thd 20): flow_ctxt type 15, common flag 0x3, mbuf 0x280f3c00, rtbl_idx = 0
 
Dec 13 22:24:55 22:24:55.206492:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:flow process pak, mbuf 0x280f3c00, ifl 77, ctxt_type 15 inq type 1
 
Dec 13 22:24:55 22:24:55.206508:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: in_ifp <BLD-10-PC:reth1.1301>
 
Dec 13 22:24:55 22:24:55.206519:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: setting SZ flag in lpak 0xde1f0728, mbuf 0x280f3c00, sess id 0xe12d9
 
Dec 13 22:24:55 22:24:55.206533:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:flow_process_pkt_exception: setting rtt in lpak to 0xaf019d30
 
Dec 13 22:24:55 22:24:55.206546:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:host inq check inq_type 0x1
 
Dec 13 22:24:55 22:24:55.206554:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:flow_np_session_id2nsp: NP hdr: session id - 922329, Flag - 8
 
Dec 13 22:24:55 22:24:55.206569:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:NP session id - 922329 returns Init side nsp -0x86c4bc60
 
Dec 13 22:24:55 22:24:55.206585:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:  flow session id 922329
 
Dec 13 22:24:55 22:24:55.206594:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:  refreshing session
 
Dec 13 22:24:55 22:24:55.206605:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:ha_ifp: reth5.943
 
Dec 13 22:24:55 22:24:55.206612:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: vector bits 0x80a2 vector 0x340187e0
 
Dec 13 22:24:55 22:24:55.206623:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:  vsd 5 is active
 
Dec 13 22:24:55 22:24:55.206633:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: ****jsf svc chain: sess id 922329, dir 1, nat_done 0, pak pid 0, first pid 6
 
Dec 13 22:24:55 22:24:55.206649:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
 
Dec 13 22:24:55 22:24:55.206676:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RTSmiley TongueKT-PROC for plugin junos-jdpi jbuf 0x95589658, sess jsf flags 0x0, rc 0
 
Dec 13 22:24:55 22:24:55.206694:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: plugin name junos-dpi-stream. action JSF_SESSION_ACTION_IGNORE, stbuf 0x0
                                        
Dec 13 22:24:55 22:24:55.206708:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:  tcp seq check.
 
Dec 13 22:24:55 22:24:55.206718:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
 
Dec 13 22:24:55 22:24:55.206730:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:mbuf 0x280f3c00, exit nh 0x8b1d3c1
 
Dec 13 22:24:55 22:24:55.206741:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT:flow_process_pkt_exception: Freeing lpak 0xde1f0728 associated with mbuf 0x280f3c00
 
Dec 13 22:24:55 22:24:55.206756:CID-01:FPC-01Smiley TongueIC-00:THREAD_ID-20:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)

Re: How to change SRX route-based VPN proxy id

December 13, 2017, 10:58 am
$
0
0

Did you actually try your configuration on a live SRX?! there is only one proxy-ID defination is allowed, to get around the limitation, you use traffic-selectors.

SRX port forwarding - intermittent results

December 13, 2017, 11:27 am
$
0
0

Hello-

 

I have an SRX300 and have created quite a few port forwarding instance. I recently created one it it works intermitently. I am connecting to an NVR with a web browser and I have 2 issues:

 

Going to the URL, say http://11.22.33.44:1080, sometimes the page comes right up, sometimes I have to wait, sometimes it does come up at all. Currently, port 1080 goes to port 1080 internally (was previously translating to port 80 on the inside). Sometimes the page comes right up, sometimes I have to wait, sometimes it does come up at all. When i have to wait or if it is not responding, running a "show security flow session destination-port 1080" does not show any results - once the connection happens, then the session flow shows up.

 

If the page does come up and I then start looking at the various camera views, it will run for a while and then stop.  By a while, I mean that the session can last 5 minutes or 2 hours or 5 hours - there's just no rhyme or reason.

 

I have a PC on the inside of the network and it can connect first time, every time, and run all day.

 

Anyone have a clue?

Re: Does entire session will re-establish back if we change MTU on physical interface?

December 13, 2017, 5:49 pm
$
0
0
Hi rsuraj,

Lets say the physical mtu still use default value 1514... but if I increase the logical interface mtu to 9192 then is it that logical interface can use jumbo frame even the physical itself not change mtu?

Thanks and appreciate your feedback

Re: SRX port forwarding - intermittent results

December 13, 2017, 11:12 pm
$
0
0

Hi,

 

i does sound strange. Could you please provide Junos version and config snippets for interfaces, nat and security policies? Then it's easier to come up with suggestions or needed changes.

 

Thanks!

Re: SRX port forwarding - intermittent results

December 14, 2017, 4:07 am
$
0
0

Hello Jonas-

Last night I upgraded the firmware from 15.1X49-D90 to 15.1X49-D110.4 and that seems to have fixed the issue. Fingers crossed. Thanks for the reply!

Bruce

Issues with ISP when running IPOE

December 14, 2017, 4:12 am
$
0
0

Good Evening

 

I have notice alot of our IPS down here are now running IPOE. The issue is that the SRX thinks everything is ok if there is an upstream issue as it only needs to try every few hours to renew its IP address via IPOE/DHCP. Is there a safe way to reset the interface or flush the route table of 0.0.0.0/0 discovered by dhcp if there is a ISP outage? The issue is that the net hop is not working due to the fault 0.0.0.0/0 path still in the routing table. Disbaling the interface is easy using events scripts but we want to ablitliy to just flush the dhcp route so that when the service comes back up again it will relearn that route. Yes I know having bgp or BFD is a better option but down here we have to deal with the NBN which using IPOE for most of there RSP's

 

Search

Re: Does entire session will re-establish back if we change MTU on physical interface?

December 14, 2017, 9:00 am
$
0
0
AFAIK, the logical interface MTU cannot be higher than physical interface MTU.

I want to create a policy to allow *.cisco.com or cisco.com/uri

December 15, 2017, 6:39 am
$
0
0

I want to create a policy on SRX firewall to allow  anything *.cisco.com any uri cisco.com/uri. I would say anything on cisco website but block other websites.

for eg. mycase.cloudapps.cisco.com

sso.cisco.com/autho/forms

 

can we create fqdn (dns name object) for the above and allow in the policy.

Address Book and Security Policy

December 15, 2017, 1:07 pm
$
0
0

Hello,

 

I just started using a SRX device two days back only. So this might be very newbie question.

 

I am basically trying to create a firewall policy using address-books. I just want to confirm that this is the right way to configure this.

 

1) It's always better to use the global address. If I define a non-global addrress book, that will need to be attached to a zone and that address-book will be usable only inside that zone policy.

2) Firewall policy are written as shown below. There is no option to have just one policy and have different terms(term1, term2......) like in a routing policy

 

user@FW-01> show configuration security address-book                                
global {
    address Test 1.1.1.1/32;
    address New 3.3.3.0/27;
    address-set Test-Set {
        address Test;
        address New;
    }
}

user@FW-01> show configuration security policies from-zone untrust to-zone trust    
policy Test {
    match {
        source-address Test-Set;
        destination-address any;
        application junos-tftp;
    }
    then {
        permit;
    }
}
policy New_Policy {
    match {
        source-address any;
        destination-address any;
        application junos-ike;
    }
    then {
        permit;
    }
}

user@FW-01>

Re: Address Book and Security Policy

December 15, 2017, 2:27 pm
$
0
0
Hello,
Yes ! You are right.
1. You can configure address under global adress book or under zone address book, if you configure it under zone address book, you can see it under zone. It's better to configure under global address book and without capital letters.
2. Yes there is not term option, you can configure one rule in one policy. Imagine that each policy is term and from-zone to-zone is policy.

Re: I want to create a policy to allow *.cisco.com or cisco.com/uri

December 15, 2017, 2:32 pm
$
0
0
Hello,
Yes you can with command:
Set security zone security-zone "test" address-book address "cisco-test" dns-name cisco.com

Re: Address Book and Security Policy

December 15, 2017, 2:36 pm
$
0
0

1. I wouldn't say it's always better. Defining addresses in the global address-book is a must for some NAT configurations and global policies. Otherwise I prefer to use address-books attached to zones. It gives you an extra validation check when defining policies.

2. Yes, there are no terms in security policies.

 

Regards, Wojtek

Re: I want to create a policy to allow *.cisco.com or cisco.com/uri

December 15, 2017, 2:34 pm
Search

What are mean Invalidated sessions?

December 15, 2017, 8:44 pm
$
0
0

Hi all,

 

May i know the invalidated session refer to what? Is it refer to traffic that drop due to policy deny? or other thing that need to investigate detail?  Appreciate any feedback

 

{primary:node1}
test@srx5400> show security flow session summary
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC0 PIC1:
Unicast-sessions: 64213
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 68415
  Valid sessions: 64149
  Pending sessions: 0
  Invalidated sessions: 4266
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC0 PIC2:
Unicast-sessions: 62546
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 66487
  Valid sessions: 63810
  Pending sessions: 0
  Invalidated sessions: 2677
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC0 PIC3:
Unicast-sessions: 62172
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 66204
  Valid sessions: 64074
  Pending sessions: 0
  Invalidated sessions: 2130
  Sessions in other states: 0
Maximum-sessions: 6291456

node1:
--------------------------------------------------------------------------

Flow Sessions on FPC0 PIC1:
Unicast-sessions: 63665
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 68093
  Valid sessions: 62900
  Pending sessions: 0
  Invalidated sessions: 5193
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC0 PIC2:
Unicast-sessions: 62244
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 67517
  Valid sessions: 62255
  Pending sessions: 0
  Invalidated sessions: 5262
  Sessions in other states: 0
Maximum-sessions: 6291456

Flow Sessions on FPC0 PIC3:
Unicast-sessions: 61811
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 0
Sessions-in-use: 66183
  Valid sessions: 61816
  Pending sessions: 1
  Invalidated sessions: 4366
  Sessions in other states: 0
Maximum-sessions: 6291456

Re: What are mean Invalidated sessions?

December 16, 2017, 3:05 am
$
0
0

It has to do with TCP session closure

 

3-Way handshake:

Client A Server B
FIN
             FIN/ACK ---> session timer set to 150s
ACK                    ---> session timer set to 2s

4-Way handshake:

Client A   Server B
========================
[1] FIN
[2]                    ACK
[3]                    FIN ---> session timer set to 150s
[4] ACK                    ---> session timer set to 2s

During the 2s timeout in the last step the session is in invalidated state. 

Usually this counter should be ~0. There were bugs causing it not to clear so you should monitor if this counter is increasing or not.

You can also look for sessions that are in "FIN state: 2" and have "Current timeout:" greater than 2s.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23462

https://kb.juniper.net/InfoCenter/index?page=content&id=KB22738

 

Regards, Wojtek

Re: How to change SRX route-based VPN proxy id

December 16, 2017, 7:33 am
$
0
0

Thanks Old Creek, I was confusing proxy-id with traffic selectors.  I saw the main question as how to have only one subnet on local with two on remote.  You need to configure each set as separate pairs.

 

But as you note the proxy-id stanza only allows one, while the traffic selector can have the mulitple.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB28820

 

Re: SRX 1400 is blocking packets for download during Debian Distribution installation

December 16, 2017, 7:47 am
$
0
0

Thanks for the answers and the data.  I see frequent session refreshes after the tcp sequence checks.  Could you try turning this off for a test?

 

set security flow tcp-session no-sequence-check

 

IP-Monitoring not failing over

December 16, 2017, 9:22 am
$
0
0

I am probing address 4.4.4.4, it shows pass but the history shows failed?

    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    INET-UP                TargetIP        4.4.4.4          PASS

 

    Owner, Test                 Probe Sent              Probe received              Round trip time
    INET-UP, TargetIP                                   Sat Dec 16 22:59:57 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:00:22 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:00:47 2017    Request timed out

 

show services rpm
probe INET-UP {
    test TargetIP {
        target address 4.4.4.4;
        probe-interval 15;
        test-interval 10;
        thresholds {
            successive-loss 3;
            total-loss 3;
        }
        destination-interface ge-0/0/0.0;
    }
}

show services ip-monitoring
policy INET-UP-MON {
    match {
        rpm-probe INET-UP;
    }
    then {
        preferred-route {
            route 4.2.2.2/32 {
                next-hop 192.168.0.2;
            }
        }
    }
}
show services ip-monitoring status

Policy - INET-UP-MON (Status: PASS)
  RPM Probes:
    Probe name             Test Name       Address          Status
    ---------------------- --------------- ---------------- ---------
    INET-UP                TargetIP        4.4.4.4          PASS
  Route-Action:
    route-instance    route             next-hop         state
    ----------------- ----------------- ---------------- -------------
    inet.0            4.2.2.2/32        192.168.0.2      NOT-APPLIED

show services rpm history-results
    Owner, Test                 Probe Sent              Probe received              Round trip time
    INET-UP, TargetIP                                   Sat Dec 16 22:59:57 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:00:22 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:00:47 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:01:12 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:01:37 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:02:02 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:02:27 2017    Request timed out
    INET-UP, TargetIP                                   Sat Dec 16 23:02:52 2017    Request timed out

Viewing all 17645 articles
Browse latest View live
Search