Channel: All SRX Services Gateway posts

Re: To Block Password protected PDF File

Hi bmanvita,

 

Thank you for sharing the information. With the help of extensions, it would block PDF files.

I am specifically looking for password protected files. 

 

Thanks,

Hari. 


Re: To Block Password protected PDF File


Hi Hari,

 

As already explained, content filtering works using the extension .pdf, which is the same for password-protected and non-protected files. So there is no way for the SRX to differentiate whether a file is password protected or not using content filtering.


To keep it short, it is not possible to block specifically password protected pdf files.

 

Hope this helps.

 

Thanks and Regards,

Pradeep Kumar

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.


Hi Hari,

 

I hope you are doing well!

 

As conveyed to you on another post, it is expected that you are unable to block file uploads using HTTP/HTTPS content filtering.

 

The below KB has more details about the issue you are facing:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26837&cat=FILTERING_D0E41470&actp=LIST&showDraft=false

 

This is supposed to be a new feature and you might have to raise a feature request to get this added to your Junos.

 

I hope this helps.

 

Please mark this "Accepted Solution"  if this helps you resolve your query.

 

Kudos are much appreciated too.

High CPU on SPC cards


During the last week we have seen high CPU usage on the SPC cards of our SRX3600 (release 12.3X48-D75.4). After investigating further, we have found that the most probable culprit is one of our websites, which sends push notifications to users several times a day.

 

In the logs we are seeing the following messages:

May 7 14:07:35 xxxx PERF_MON: RTPERF_CPU_THRESHOLD_EXCEEDED: FPC 2 PIC 0 CPU utilization exceeds threshold, current value=85
May 7 14:08:37 xxxx PERF_MON: RTPERF_CPU_THRESHOLD_EXCEEDED: FPC 1 PIC 0 CPU utilization exceeds threshold, current value=95

 

Today we tried further analysis during one such incident, where we monitored the number of sessions, the number of new sessions, the CPU and memory state on the SPCs, and the active processes. The document with the logs is attached.


From these we have not been able to determine what could be the cause as all of the parameters seem to be in line with the specifications. The traffic is also quite constant through the day with slight variations.

 

What else could we monitor or test to determine the cause of this behavior? When it happens, our other users experience problems that can last for quite some time.

Re: To Block Password protected PDF File


Hi Pradeep, 

 

Thank you for sharing the information. 

 

Thanks,

Hari. 

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.


Hello, 

 

Yes, I have gone through the KB. Much appreciated for the response.

 

I tried creating the below custom IPS signature to match http-header-content-type for .exe, and it worked for me.

 

set security idp custom-attack Block-EXE severity major
set security idp custom-attack Block-EXE attack-type chain expression "m01 or m02 or m03"
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature pattern application/octet-stream
set security idp custom-attack Block-EXE attack-type chain member m01 attack-type signature direction any
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature pattern application/x-msdownload
set security idp custom-attack Block-EXE attack-type chain member m02 attack-type signature direction any
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature context http-header-content-type
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature pattern application/vnd.microsoft.portable-executable
set security idp custom-attack Block-EXE attack-type chain member m03 attack-type signature direction any

 

Thanks,

Hari. 
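The following is an added example, not code from the post or from Juniper, that models what the three-member chain above matches and sets it beside a check on the upload payload itself. The Content-Type header is whatever the uploading client chooses to send, so a signature on it only sees what the client declares; a PE file, on the other hand, always starts with the bytes "MZ". The four HTTP requests are constructed samples, and treating the IDP pattern as a substring match on the header value is an assumption about how the http-header-content-type context behaves.

```python
import re

# The three media types the chain members m01..m03 match on.
EXE_CONTENT_TYPES = (
    "application/octet-stream",
    "application/x-msdownload",
    "application/vnd.microsoft.portable-executable",
)

# Every PE file (Windows .exe/.dll) starts with the DOS header magic "MZ".
PE_MAGIC = b"MZ"


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode()] = value.strip().decode()
    return headers, body


def header_matches(headers) -> bool:
    """Model of the IDP chain: fire if one of the three patterns occurs in the
    request's Content-Type header. Substring matching is an assumption."""
    ct = headers.get("content-type", "").lower()
    return any(p in ct for p in EXE_CONTENT_TYPES)


def body_carries_pe(headers, body: bytes) -> bool:
    """Independent check on the payload: PE magic at the start of the body, or
    at the start of any multipart/form-data part (a browser file upload puts
    the file and its own Content-Type inside a part, not in the request header)."""
    ct = headers.get("content-type", "")
    if not ct.lower().startswith("multipart/form-data"):
        return body.startswith(PE_MAGIC)
    m = re.search(r'boundary="?([^";]+)"?', ct)
    if not m:
        return False
    delim = b"--" + m.group(1).encode()
    for part in body.split(delim)[1:]:
        _, _, payload = part.partition(b"\r\n\r\n")  # part headers / part body
        if payload.startswith(PE_MAGIC):
            return True
    return False


def classify(raw: bytes):
    """Return (header_signature_fires, pe_magic_in_body) for one request."""
    headers, body = parse_http_request(raw)
    return header_matches(headers), body_carries_pe(headers, body)


# Constructed sample requests (not captured traffic).
SAMPLES = {
    # Declared as an executable and really is one: both checks fire.
    "honest_exe": (
        b"PUT /upload/tool.exe HTTP/1.1\r\nHost: files.example.test\r\n"
        b"Content-Type: application/x-msdownload\r\nContent-Length: 64\r\n\r\n"
        b"MZ\x90\x00" + b"\x00" * 60
    ),
    # Same file, but the client lies about the type: the header signature
    # stays silent and only the magic-byte check catches it.
    "mislabelled_exe": (
        b"PUT /upload/photo.png HTTP/1.1\r\nHost: files.example.test\r\n"
        b"Content-Type: image/png\r\nContent-Length: 64\r\n\r\n"
        b"MZ\x90\x00" + b"\x00" * 60
    ),
    # Generic binary that is not an executable: member m01 fires anyway,
    # which is the false-positive cost of matching application/octet-stream.
    "pdf_as_octet_stream": (
        b"PUT /upload/report.pdf HTTP/1.1\r\nHost: files.example.test\r\n"
        b"Content-Type: application/octet-stream\r\nContent-Length: 9\r\n\r\n"
        b"%PDF-1.7\n"
    ),
    # Browser form upload: the request header says multipart/form-data, the
    # executable and its part-level Content-Type sit inside the body.
    "multipart_exe": (
        b"POST /upload HTTP/1.1\r\nHost: files.example.test\r\n"
        b"Content-Type: multipart/form-data; boundary=XYZ\r\n\r\n"
        b"--XYZ\r\nContent-Disposition: form-data; name=\"f\"; filename=\"a.exe\"\r\n"
        b"Content-Type: application/octet-stream\r\n\r\n"
        b"MZ\x90\x00" + b"\x00" * 60 + b"\r\n--XYZ--\r\n"
    ),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        by_header, by_magic = classify(raw)
        print(f"{name:20s} header_signature={by_header!s:5} pe_magic_in_body={by_magic}")
```

Run it and the second and fourth samples show the gap: the header-only signature misses an executable whose sender declares a different type or wraps it in a multipart form, while the third sample shows that blocking application/octet-stream also blocks any generic binary upload.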

Re: Content-Filtering- HTTP/HTTPS Upload not working for .exe and .zip file types.


Hi Hari,

 

That's great! Kudos to you. It might as well help me if I'm stuck on a similar issue. Thanks for sharing this!

 

 

Re: High CPU on SPC cards


Hello Igor,

 

Greetings!

I am not able to see the document with the log file attached to the post.

Can you double-check and re-attach the file?

 

Regards,

Lingabasappa H

 


Re: High CPU on SPC cards


This is weird: no matter what I do, the file won't show in either the original post or a new one. I will copy and paste the results here.

 

Before the problem

 

show security monitoring fpc 1 node 0
node0:
--------------------------------------------------------------------------
FPC 1
PIC 0
CPU utilization : 34 %
Memory utilization : 62 %
Current flow session : 84412
Current flow session IPv4: 84412
Current flow session IPv6: 0
Max flow session : 524288
Current CP session : 255976
Current CP session IPv4: 255976
Current CP session IPv6: 0
Max CP session : 2359296
Total Session Creation Per Second (for last 96 seconds on average): 2688
IPv4 Session Creation Per Second (for last 96 seconds on average): 2688
IPv6 Session Creation Per Second (for last 96 seconds on average): 0


show security monitoring fpc 2 node 0
node0:
--------------------------------------------------------------------------
FPC 2
PIC 0
CPU utilization : 47 %
Memory utilization : 64 %
Current flow session : 165064
Current flow session IPv4: 165064
Current flow session IPv6: 0
Max flow session : 1048576
Current CP session : 0
Current CP session IPv4: 0
Current CP session IPv6: 0
Max CP session : 0
Total Session Creation Per Second (for last 96 seconds on average): 2688
IPv4 Session Creation Per Second (for last 96 seconds on average): 2688
IPv6 Session Creation Per Second (for last 96 seconds on average): 0


show security monitoring performance session node 0
node0:
--------------------------------------------------------------------------
fpc 1 pic 0
Last 60 seconds:
0: 83436 1: 84412 2: 83564 3: 84451 4: 83580 5: 84424
6: 83588 7: 84410 8: 83589 9: 84367 10: 83537 11: 84322
12: 83534 13: 84407 14: 83583 15: 84491 16: 83642 17: 84521
18: 83701 19: 84609 20: 83729 21: 84549 22: 83674 23: 84488
24: 83625 25: 84423 26: 83528 27: 84391 28: 83535 29: 84433
30: 83630 31: 84519 32: 83674 33: 84483 34: 83639 35: 84544
36: 83678 37: 84661 38: 83791 39: 84792 40: 83880 41: 84814
42: 83914 43: 84737 44: 83829 45: 84491 46: 83452 47: 84038
48: 82735 49: 82797 50: 80922 51: 80306 52: 78160 53: 78174
54: 77200 55: 77931 56: 77095 57: 77935 58: 77150 59: 77872
fpc 2 pic 0
Last 60 seconds:
0: 166746 1: 165064 2: 166920 3: 165277 4: 166972 5: 165245
6: 166989 7: 165324 8: 166997 9: 165439 10: 167017 11: 165407
12: 167158 13: 165442 14: 167235 15: 165565 16: 167469 17: 165840
18: 167647 19: 165912 20: 167537 21: 165698 22: 167470 23: 165760
24: 167264 25: 165488 26: 167357 27: 165650 28: 167335 29: 165688
30: 167529 31: 165844 32: 167669 33: 166005 34: 167745 35: 166024
36: 167924 37: 166194 38: 168272 39: 166439 40: 168138 41: 166262
42: 168090 43: 166400 44: 167868 45: 165899 46: 167066 47: 164575
48: 164996 49: 161566 50: 160857 51: 156241 52: 155741 53: 153480
54: 154804 55: 153094 56: 154702 57: 153169 58: 154824 59: 153132


show security monitoring performance spu node 0
node0:
--------------------------------------------------------------------------
fpc 1 pic 0
Last 60 seconds:
0: 38 1: 34 2: 35 3: 36 4: 33 5: 32
6: 35 7: 36 8: 32 9: 34 10: 36 11: 32
12: 32 13: 33 14: 34 15: 35 16: 36 17: 35
18: 37 19: 35 20: 33 21: 34 22: 36 23: 35
24: 34 25: 35 26: 33 27: 33 28: 35 29: 32
30: 39 31: 35 32: 34 33: 37 34: 35 35: 33
36: 35 37: 33 38: 38 39: 33 40: 37 41: 33
42: 37 43: 35 44: 41 45: 41 46: 41 47: 47
48: 54 49: 56 50: 63 51: 58 52: 43 53: 37
54: 42 55: 38 56: 37 57: 35 58: 36 59: 35
fpc 2 pic 0
Last 60 seconds:
0: 44 1: 47 2: 48 3: 47 4: 49 5: 45
6: 47 7: 47 8: 46 9: 47 10: 44 11: 44
12: 44 13: 45 14: 45 15: 46 16: 47 17: 47
18: 48 19: 52 20: 48 21: 46 22: 44 23: 47
24: 45 25: 48 26: 45 27: 46 28: 45 29: 50
30: 43 31: 44 32: 44 33: 46 34: 45 35: 47
36: 47 37: 50 38: 48 39: 52 40: 50 41: 48
42: 52 43: 53 44: 53 45: 60 46: 63 47: 67
48: 74 49: 82 50: 85 51: 62 52: 47 53: 50
54: 44 55: 45 56: 46 57: 50 58: 46 59: 46


show security flow session summary node 0
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 82516
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 281561
Sessions-in-use: 84046
Valid sessions: 82402
Pending sessions: 0
Invalidated sessions: 1644
Sessions in other states: 0
Maximum-sessions: 524288

Flow Sessions on FPC2 PIC0:
Unicast-sessions: 163501
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 207059781
Sessions-in-use: 166394
Valid sessions: 163032
Pending sessions: 1
Invalidated sessions: 3361
Sessions in other states: 0
Maximum-sessions: 1048576


show security flow cp-session summary node 0
node0:
--------------------------------------------------------------------------

Valid sessions: 245758
Pending sessions: 304
Invalidated sessions: 7376
Sessions in other states: 0
Total sessions: 253438
Maximum sessions: 2359296


show security monitoring node 0
node0:
--------------------------------------------------------------------------
                   Flow session  Flow session  CP session  CP session
FPC  PIC  CPU  Mem    current       maximum     current     maximum
---------------------------------------------------------------------------
  1    0   35   63      83538        524288      253292     2359296
  2    0   46   65     165336       1048576           0           0

 

show system processes extensive node 0 | except 0.0
node0:
--------------------------------------------------------------------------
155 processes: 3 running, 125 sleeping, 27 waiting

Mem: 292M Active, 56M Inact, 114M Wired, 5580K Cache, 110M Buf, 513M Free
Swap: 2046M Total, 2046M Free


PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
11 root 1 171 52 0K 16K RUN ??? 83.45% idle
1341 root 1 96 0 127M 21920K select 628.4H 3.71% chassisd
1092 root 1 98 0 13100K 6904K select 37:25 0.39% eventd

 

During the problem


show security monitoring fpc 1 node 0
node0:
--------------------------------------------------------------------------
FPC 1
PIC 0
CPU utilization : 99 %
Memory utilization : 62 %
Current flow session : 88056
Current flow session IPv4: 88056
Current flow session IPv6: 0
Max flow session : 524288
Current CP session : 268365
Current CP session IPv4: 268365
Current CP session IPv6: 0
Max CP session : 2359296
Total Session Creation Per Second (for last 96 seconds on average): 2805
IPv4 Session Creation Per Second (for last 96 seconds on average): 2805
IPv6 Session Creation Per Second (for last 96 seconds on average): 0


show security monitoring fpc 2 node 0
node0:
--------------------------------------------------------------------------
FPC 2
PIC 0
CPU utilization : 99 %
Memory utilization : 64 %
Current flow session : 172004
Current flow session IPv4: 172004
Current flow session IPv6: 0
Max flow session : 1048576
Current CP session : 0
Current CP session IPv4: 0
Current CP session IPv6: 0
Max CP session : 0
Total Session Creation Per Second (for last 96 seconds on average): 2805
IPv4 Session Creation Per Second (for last 96 seconds on average): 2805
IPv6 Session Creation Per Second (for last 96 seconds on average): 0


show security monitoring performance session node 0
node0:
--------------------------------------------------------------------------
fpc 1 pic 0
Last 60 seconds:
0: 87688 1: 88056 2: 86662 3: 85288 4: 83717 5: 84522
6: 83737 7: 84601 8: 83714 9: 84486 10: 83565 11: 84340
12: 83538 13: 84291 14: 83436 15: 84412 16: 83564 17: 84451
18: 83580 19: 84424 20: 83588 21: 84410 22: 83589 23: 84367
24: 83537 25: 84322 26: 83534 27: 84407 28: 83583 29: 84491
30: 83642 31: 84521 32: 83701 33: 84609 34: 83729 35: 84549
36: 83674 37: 84488 38: 83625 39: 84423 40: 83528 41: 84391
42: 83535 43: 84433 44: 83630 45: 84519 46: 83674 47: 84483
48: 83639 49: 84544 50: 83678 51: 84661 52: 83791 53: 84792
54: 83880 55: 84814 56: 83914 57: 84737 58: 83829 59: 84491
fpc 2 pic 0
Last 60 seconds:
0: 174666 1: 172004 2: 170732 3: 165921 4: 167269 5: 165561
6: 167455 7: 165736 8: 167267 9: 165428 10: 166983 11: 165336
12: 167008 13: 165187 14: 166746 15: 165064 16: 166920 17: 165277
18: 166972 19: 165245 20: 166989 21: 165324 22: 166997 23: 165439
24: 167017 25: 165407 26: 167158 27: 165442 28: 167235 29: 165565
30: 167469 31: 165840 32: 167647 33: 165912 34: 167537 35: 165698
36: 167470 37: 165760 38: 167264 39: 165488 40: 167357 41: 165650
42: 167335 43: 165688 44: 167529 45: 165844 46: 167669 47: 166005
48: 167745 49: 166024 50: 167924 51: 166194 52: 168272 53: 166439
54: 168138 55: 166262 56: 168090 57: 166400 58: 167868 59: 165899


show security monitoring performance spu node 0
node0:
--------------------------------------------------------------------------
fpc 1 pic 0
Last 60 seconds:
0: 99 1: 99 2: 95 3: 61 4: 34 5: 31
6: 34 7: 35 8: 34 9: 35 10: 34 11: 33
12: 35 13: 39 14: 38 15: 34 16: 35 17: 36
18: 33 19: 32 20: 35 21: 36 22: 32 23: 34
24: 36 25: 32 26: 32 27: 33 28: 34 29: 35
30: 36 31: 35 32: 37 33: 35 34: 33 35: 34
36: 36 37: 35 38: 34 39: 35 40: 33 41: 33
42: 35 43: 32 44: 39 45: 35 46: 34 47: 37
48: 35 49: 33 50: 35 51: 33 52: 38 53: 33
54: 37 55: 33 56: 37 57: 35 58: 41 59: 41
fpc 2 pic 0
Last 60 seconds:
0: 99 1: 99 2: 99 3: 98 4: 65 5: 45
6: 45 7: 42 8: 46 9: 46 10: 42 11: 44
12: 46 13: 47 14: 44 15: 44 16: 47 17: 48
18: 47 19: 49 20: 45 21: 47 22: 47 23: 46
24: 47 25: 44 26: 44 27: 44 28: 45 29: 45
30: 46 31: 47 32: 47 33: 48 34: 52 35: 48
36: 46 37: 44 38: 47 39: 45 40: 48 41: 45
42: 46 43: 45 44: 50 45: 43 46: 44 47: 44
48: 46 49: 45 50: 47 51: 47 52: 50 53: 48
54: 52 55: 50 56: 48 57: 52 58: 53 59: 53


show security flow session summary node 0
node0:
--------------------------------------------------------------------------

Flow Sessions on FPC1 PIC0:
Unicast-sessions: 86532
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 281561
Sessions-in-use: 88439
Valid sessions: 87030
Pending sessions: 1
Invalidated sessions: 1408
Sessions in other states: 0
Maximum-sessions: 524288

Flow Sessions on FPC2 PIC0:
Unicast-sessions: 174912
Multicast-sessions: 0
Services-offload-sessions: 0
Failed-sessions: 207059781
Sessions-in-use: 176836
Valid sessions: 174158
Pending sessions: 2
Invalidated sessions: 2676
Sessions in other states: 0
Maximum-sessions: 1048576


show security flow cp-session summary node 0
node0:
--------------------------------------------------------------------------

Valid sessions: 264078
Pending sessions: 4955
Invalidated sessions: 7685
Sessions in other states: 0
Total sessions: 276718
Maximum sessions: 2359296


show security monitoring node 0
node0:
--------------------------------------------------------------------------
                   Flow session  Flow session  CP session  CP session
FPC  PIC  CPU  Mem    current       maximum     current     maximum
---------------------------------------------------------------------------
  1    0   99   63      89858        524288      280494     2359296
  2    0   99   65     177371       1048576           0           0


show system processes extensive node 0 | except 0.0
node0:
--------------------------------------------------------------------------
last pid: 4294; load averages: 0.42, 0.23, 0.11 up 580+12:07:49 14:08:42
156 processes: 5 running, 125 sleeping, 26 waiting

Mem: 293M Active, 56M Inact, 114M Wired, 5580K Cache, 110M Buf, 512M Free
Swap: 2046M Total, 2046M Free


PID USERNAME THR PRI NICE SIZE RES STATE TIME WCPU COMMAND
11 root 1 171 52 0K 16K RUN ??? 81.20% idle
1341 root 1 103 0 127M 21920K select 628.4H 3.66% chassisd
1092 root 1 102 0 13100K 6904K select 37:25 0.34% eventd
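Added example, not part of the post: a small parser for the two kinds of evidence pasted above, the RTPERF_CPU_THRESHOLD_EXCEEDED syslog lines and the "Last 60 seconds" arrays from show security monitoring performance spu and performance session. It lists every second where SPU CPU sits at or above a threshold together with how far that second's session count is from the median of the 60-second window, so a burst of sessions coinciding with the CPU spike stands out from a spike with a flat session count. The sample text is copied from the poster's fpc 2 pic 0 "during the problem" output; the 85 % threshold is taken from the first syslog line and is an assumption about the configured value.

```python
import re
import statistics

# The two syslog lines and the fpc 2 pic 0 sections of the "during the
# problem" outputs, as quoted in the post above.
SYSLOG = """\
May 7 14:07:35 xxxx PERF_MON: RTPERF_CPU_THRESHOLD_EXCEEDED: FPC 2 PIC 0 CPU utilization exceeds threshold, current value=85
May 7 14:08:37 xxxx PERF_MON: RTPERF_CPU_THRESHOLD_EXCEEDED: FPC 1 PIC 0 CPU utilization exceeds threshold, current value=95
"""

SPU_OUTPUT = """\
fpc 2 pic 0
Last 60 seconds:
0: 99 1: 99 2: 99 3: 98 4: 65 5: 45
6: 45 7: 42 8: 46 9: 46 10: 42 11: 44
12: 46 13: 47 14: 44 15: 44 16: 47 17: 48
18: 47 19: 49 20: 45 21: 47 22: 47 23: 46
24: 47 25: 44 26: 44 27: 44 28: 45 29: 45
30: 46 31: 47 32: 47 33: 48 34: 52 35: 48
36: 46 37: 44 38: 47 39: 45 40: 48 41: 45
42: 46 43: 45 44: 50 45: 43 46: 44 47: 44
48: 46 49: 45 50: 47 51: 47 52: 50 53: 48
54: 52 55: 50 56: 48 57: 52 58: 53 59: 53
"""

SESSION_OUTPUT = """\
fpc 2 pic 0
Last 60 seconds:
0: 174666 1: 172004 2: 170732 3: 165921 4: 167269 5: 165561
6: 167455 7: 165736 8: 167267 9: 165428 10: 166983 11: 165336
12: 167008 13: 165187 14: 166746 15: 165064 16: 166920 17: 165277
18: 166972 19: 165245 20: 166989 21: 165324 22: 166997 23: 165439
24: 167017 25: 165407 26: 167158 27: 165442 28: 167235 29: 165565
30: 167469 31: 165840 32: 167647 33: 165912 34: 167537 35: 165698
36: 167470 37: 165760 38: 167264 39: 165488 40: 167357 41: 165650
42: 167335 43: 165688 44: 167529 45: 165844 46: 167669 47: 166005
48: 167745 49: 166024 50: 167924 51: 166194 52: 168272 53: 166439
54: 168138 55: 166262 56: 168090 57: 166400 58: 167868 59: 165899
"""

THRESHOLD_RE = re.compile(
    r"RTPERF_CPU_THRESHOLD_EXCEEDED: FPC (\d+) PIC (\d+) .*?current value=(\d+)")
SERIES_HEADER_RE = re.compile(r"\s*fpc (\d+) pic (\d+)")
SAMPLE_RE = re.compile(r"(\d+):\s*(\d+)")  # "index: value" pairs on a data line


def parse_threshold_events(syslog: str):
    """[(fpc, pic, cpu_value), ...] for each RTPERF_CPU_THRESHOLD_EXCEEDED line."""
    return [tuple(int(g) for g in m.groups()) for m in THRESHOLD_RE.finditer(syslog)]


def parse_last_60(output: str):
    """Turn a 'show security monitoring performance {spu,session}' block into
    {(fpc, pic): [v0, v1, ...]} with index 0 the most recent second."""
    series, current = {}, None
    for line in output.splitlines():
        m = SERIES_HEADER_RE.match(line)
        if m:
            current = (int(m[1]), int(m[2]))
            series[current] = {}
        elif current is not None:
            for idx, val in SAMPLE_RE.findall(line):
                series[current][int(idx)] = int(val)
    return {k: [v[i] for i in sorted(v)] for k, v in series.items()}


def spikes(cpu, sessions, cpu_threshold=85):
    """Seconds with SPU CPU at or above the threshold, paired with how far the
    session count in that second sits from the median of the window."""
    baseline = statistics.median(sessions)
    return [(i, c, sessions[i] - baseline)
            for i, c in enumerate(cpu) if c >= cpu_threshold]


def report(syslog, spu_output, session_output, cpu_threshold=85):
    """Per (fpc, pic): the syslog threshold values seen and the spike seconds."""
    cpu, sess = parse_last_60(spu_output), parse_last_60(session_output)
    return {
        key: {
            "syslog_values": [v for f, p, v in parse_threshold_events(syslog) if (f, p) == key],
            "spikes": spikes(cpu[key], sess.get(key, [0] * len(cpu[key])), cpu_threshold),
        }
        for key in cpu
    }


if __name__ == "__main__":
    for (fpc, pic), r in report(SYSLOG, SPU_OUTPUT, SESSION_OUTPUT).items():
        print(f"FPC {fpc} PIC {pic}: syslog threshold values {r['syslog_values']}")
        for sec, c, delta in r["spikes"]:
            print(f"  t-{sec:02d}s  cpu={c}%  sessions vs median={delta:+.0f}")
```

On the pasted data the four most recent seconds are above threshold; the session count is several thousand above the window median in the first of them and back below the median by the fourth while CPU is still at 98 %, which is the kind of detail worth capturing across several incidents before attributing the load to session volume alone.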

VRRP for vSRX 20.1R1.11 bug?


Hello, everyone! 

 

I have two vSRX 20.1R1.11 and VRRP between them. They can see each other:

 

vSRX-IAP01> show vrrp summary
Interface     State   Group   VR state   VR Mode   Type   Address
ge-0/0/1.0    up      100     master     Active    lcl    172.31.255.252
                                                   vip    172.31.255.250

vSRX-IAP02> show vrrp summary
Interface     State   Group   VR state   VR Mode   Type   Address
ge-0/0/1.0    up      100     backup     Active    lcl    172.31.255.253
                                                   vip    172.31.255.250

But I cannot ping VIP 172.31.255.250 and traffic does not flow through it, though I have accept-data.

 

When I issue monitor traffic interface ge-0/0/1, ping and traffic start flowing, though I do not see them in the monitor output.

Config for both vrrp:

Master:

vSRX-IAP01> show configuration interfaces ge-0/0/1  
mtu 9000;
unit 0 {
    family inet {
        address 172.31.255.252/24 {
            vrrp-group 100 {
                virtual-address 172.31.255.250;
                priority 150;
                preempt {
                    hold-time 15;
                }
                accept-data;
                authentication-type md5;
                authentication-key "$9$uqXOBRcKMXbs4yls4aZkquO1hv8dbY4JU/Clv"; ## SECRET-DATA
                track {
                    interface lo0 {
                        priority-cost 100;
                    }
                }
            }
        }
    }
}

Backup:

vSRX-IAP02> show configuration interfaces ge-0/0/1  
mtu 9000;
unit 0 {
    family inet {
        address 172.31.255.253/24 {
            vrrp-group 100 {
                virtual-address 172.31.255.250;
                priority 100;
                preempt {
                    hold-time 15;
                }
                accept-data;
                authentication-type md5;
                authentication-key "$9$Sh1lv8-VYZUHX7UHqmF3SreWdwaZDH.f1R7d"; ## SECRET-DATA
            }
        }
    }
}

 

Re: VRRP for vSRX 20.1R1.11 bug?


Have you put this into packet mode?

 

If not, you also need to assign the interfaces to a zone and allow the protocol traffic for the zone:

security zones security-zone NAME host-inbound-traffic protocols vrrp

 

Re: VRRP for vSRX 20.1R1.11 bug?


Hello, thanks for your reply.

 

Yes, the interfaces are in the zones and VRRP is allowed:

vSRX-IAP01> show configuration security zones security-zone trust 
tcp-rst;
interfaces {
    ge-0/0/1.0 {
        host-inbound-traffic {
            system-services {
                ping;
                ssh;
                https;
                dns;
            }
            protocols {
                vrrp;
            }
        }
    }
}

Re: SRX SNAT FLOW SESSION


Thanks, Pradkm. This sentence removes the confusion - "Source NAT does not have any impact on the route lookup".

 

Regards.

SRX5400 OS path selection for upgrade


Hi, 

 

Currently, SRX5400 (SRX5k RE-1800X4) is running with 15.1X49-D110.4 built 2017-09-08. 

 

I have looked at the latest recommended version at https://kb.juniper.net/InfoCenter/index?page=content&id=kb21476

 

It says - 18.4R3-S2 service release is recommended for SRX5400 (SRX5k RE-1800X4).

 

Is it okay to upgrade directly from 15.1X49-D110.4 to 18.4R3-S2 for SRX5400 (SRX5k RE-1800X4)?

 

Thanks.

Re: SRX5400 OS path selection for upgrade


Hi,

 

I don't think you will be able to perform a direct upgrade from 15.1X49-D110.4 to 18.4R3-S2. You are expected to see an "unsupported h/w" error if you try the upgrade.

 

Even as per the KB link you mentioned in the post, you can upgrade the box from 15.1X49-D110.4 to 18.2R3 or 18.2R3 based Service Releases directly and from there you can upgrade to 18.4R3-S2 without any issues.

 

So please follow the step upgrade and you should not see any issues: 

15.1X49-D110.4 ---> 18.2R3 or 18.2R3 based Service Releases ----> 18.4R3-S2.

 

Hope this helps.

 

Thanks and Regards,

Pradeep Kumar M

 

|| If this solves your problem, please mark this post as "Accepted Solution" so we can help others too ||


Re: SRX5400 OS path selection for upgrade


Thanks, Pradkm.

 

I can see the below note in KB (https://kb.juniper.net/InfoCenter/index?page=content&id=kb21476):

 

Notes for upgrading from Junos 15.1X49 releases to 18.2R3 or 18.2R3 based Service Releases:

  • Junos OS upgrade from 15.1X49 directly to 18.2R3 or 18.2R3 based Service Releases is supported for all SRX platforms, except vSRX. To upgrade vSRX from 15.1X49 to higher versions, deploy a new vSRX VM.

 

So I guess there should not be any base OS requirements from 18.2R3 to 18.4R3-S2?

 

Regards.

Re: SRX5400 OS path selection for upgrade


That's true. You can directly upgrade from 18.2R3 to 18.4R3-S2. No issues.

 

As mentioned earlier, follow this: 15.1X49-D110.4 ---> 18.2R3 or 18.2R3 based Service Releases ----> 18.4R3-S2.

 

Thanks and Regards,

Pradeep Kumar M

 

|| If this solves your problem, please mark this post as "Accepted Solution" so we can help others too ||

reordering security policy's in different configuration groups


Hi 

 

I have two security policies currently configured under the same from and to zones, for example trust-zone and untrust-zone. One of the policies is attached to a group, for example "3rdparty"; the other has no group attached to it.

When I try to use the "insert before" option while editing the config under the group "3rdparty", it does not show the policy that is not within the group, and vice versa.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-reordering-policies.html

My question: is there an option for reordering policies in different groups, or a policy not in a group for that matter?

 

root> show security policies 
Default policy: deny-all
From zone: trust, To zone: untrust
  Policy: deny-all-log, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: deny, log
  Policy: basic-permit, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 2
    Source addresses: any
    Destination addresses: any
    Applications: junos-icmp-ping
    Action: permit, log
set groups lab security policies from-zone trust to-zone untrust policy basic-permit match source-address any
set groups lab security policies from-zone trust to-zone untrust policy basic-permit match destination-address any
set groups lab security policies from-zone trust to-zone untrust policy basic-permit match application junos-icmp-ping
set groups lab security policies from-zone trust to-zone untrust policy basic-permit then permit
set groups lab security policies from-zone trust to-zone untrust policy basic-permit then log session-init


set security policies from-zone trust to-zone untrust policy deny-all-log match source-address any
set security policies from-zone trust to-zone untrust policy deny-all-log match destination-address any
set security policies from-zone trust to-zone untrust policy deny-all-log match application any
set security policies from-zone trust to-zone untrust policy deny-all-log then deny
set security policies from-zone trust to-zone untrust policy deny-all-log then log session-init

 

 

Re: reordering security policy's in different configuration groups


The use of groups and apply-groups will always put those security policies at the bottom of the list of explicitly configured policies. So you won't be able to manipulate their order as you can the explicitly configured list.

Your options are to move either all the policies for that zone pair into the group, or all of them into the explicit area.

Or use the group for the final default deny and have the other policies explicitly configured.
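Whichever of these options is taken, the order that matters is the one show security policies reports, and in the output posted above deny-all-log (sequence number 1) matches any source, any destination and any application ahead of basic-permit, so the permit can never match a packet. The following is an added example, not from the thread, that parses that output and reports such shadowed policies. The first sample is the poster's output; the second is constructed to show the same two policies after deny-all-log has been moved into the group and therefore sorts last, as the answer describes. The parser takes address and application lists from a single line each, which is all the posted output contains.

```python
import re

# The poster's "show security policies" output, as quoted above.
SHOW_POLICIES = """\
root> show security policies
Default policy: deny-all
From zone: trust, To zone: untrust
  Policy: deny-all-log, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: deny, log
  Policy: basic-permit, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 2
    Source addresses: any
    Destination addresses: any
    Applications: junos-icmp-ping
    Action: permit, log
"""

# Constructed: the same two policies after deny-all-log has been moved into the
# configuration group, so it sorts after the explicitly configured permit.
SHOW_POLICIES_FIXED = """\
root> show security policies
Default policy: deny-all
From zone: trust, To zone: untrust
  Policy: basic-permit, State: enabled, Index: 4, Scope Policy: 0, Sequence number: 1
    Source addresses: any
    Destination addresses: any
    Applications: junos-icmp-ping
    Action: permit, log
  Policy: deny-all-log, State: enabled, Index: 5, Scope Policy: 0, Sequence number: 2
    Source addresses: any
    Destination addresses: any
    Applications: any
    Action: deny, log
"""

ZONE_RE = re.compile(r"From zone: (\S+), To zone: (\S+)")
POLICY_RE = re.compile(
    r"Policy: (\S+), State: (\w+), Index: \d+, Scope Policy: \d+, Sequence number: (\d+)")
FIELDS = {"Source addresses": "src", "Destination addresses": "dst", "Applications": "app"}


def parse_show_security_policies(output: str):
    """{(from_zone, to_zone): [policy, ...]} in effective (sequence-number) order."""
    result, pair, cur = {}, None, None
    for raw in output.splitlines():
        line = raw.strip()
        if m := ZONE_RE.match(line):
            pair = (m[1], m[2])
            result[pair] = []
        elif m := POLICY_RE.match(line):
            cur = {"name": m[1], "state": m[2], "seq": int(m[3]),
                   "src": set(), "dst": set(), "app": set(), "action": ""}
            result[pair].append(cur)
        elif cur is not None and ":" in line:
            key, value = (s.strip() for s in line.split(":", 1))
            if key in FIELDS:
                cur[FIELDS[key]] = {v.strip() for v in value.split(",")}
            elif key == "Action":
                cur["action"] = value
    for pols in result.values():
        pols.sort(key=lambda p: p["seq"])
    return result


def covers(earlier: set, later: set) -> bool:
    """True when every value matched by `later` is also matched by `earlier`."""
    return "any" in earlier or later <= earlier


def shadowed_policies(policies):
    """[(zone_pair, shadowed, shadowing), ...]: a policy is shadowed when an
    earlier enabled policy in the same zone pair covers its source, destination
    and application, so no packet can ever reach it."""
    found = []
    for pair, pols in policies.items():
        for i, later in enumerate(pols):
            for earlier in pols[:i]:
                if earlier["state"] == "enabled" and all(
                        covers(earlier[f], later[f]) for f in ("src", "dst", "app")):
                    found.append((pair, later["name"], earlier["name"]))
                    break
    return found


if __name__ == "__main__":
    for label, text in (("as posted", SHOW_POLICIES), ("deny moved into group", SHOW_POLICIES_FIXED)):
        hits = shadowed_policies(parse_show_security_policies(text))
        print(f"{label}: {hits or 'no shadowed policies'}")
```

Run against the posted output it reports basic-permit as shadowed by deny-all-log; against the constructed output it reports nothing, which is the state to confirm after the policies have been regrouped.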

 

Re: High CPU on SPC cards


Hi igor.hamzic81,

 

I hope you are doing great!

 

In most cases, high CPU utilization on the data plane is related to a high traffic load or flood from a neighboring device.

As stated in the link below, you can use additional SPCs to increase the services processing throughput:

https://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/spc-srx3600.html

If the high CPU is caused by an IDP issue, the below could help:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB26927

At times, when data path debugging is enabled, there is a chance that you see high CPU. You might want to check that as well.

Hope this helps.

Please mark this "Accepted Solution" if this addresses your concern.

Kudos would be appreciated too.

 

 

 
