Does anyone have working SCTP over SRX345 (or any other branch SRX)?
I'm trying to connect two diameter peers and it seems that the return traffic gets dropped by the firewall.
The policy allows any traffic between the two peers and I have exactly the same issue on tunnel and on phy interfaces. Maybe there is a way to disable state tracking for sctp as a workaround...
It looks something like this:
Session ID: 365626, Policy name: Diameter/57, State: Active, Timeout: 1800, Valid
In: 192.168.130.246/3868 --> 192.168.120.2/3868;sctp, Conn Tag: 0x0, If: ge-0/0/4.301, Pkts: 2965, Bytes: 249060,
Out: 192.168.120.2/3868 --> 192.168.130.246/3868;sctp, Conn Tag: 0x0, If: st0.2, Pkts: 0, Bytes: 0,
show security flow session session-identifier 365626
Session ID: 365626, Status: Normal, State: Active
Flags: 0x8000040/0x0/0x3
Policy name: Diameter/57
Source NAT pool: Null
Dynamic application: junos:UNKNOWN,
Encryption: Unknown
Application traffic control rule-set: INVALID, Rule: INVALID
Maximum timeout: 1800, Current timeout: 1800
Session State: Valid
Start time: 1291124, Duration: 3937
In: 192.168.130.246/3868 --> 192.168.120.2/3868;sctp,
Conn Tag: 0x0, Interface: ge-0/0/4.301,
Session token: 0xd, Flag: 0x21
Route: 0x2a0010, Gateway: 192.168.159.2, Tunnel: 0
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 3185, Bytes: 267540
Out: 192.168.120.2/3868 --> 192.168.130.246/3868;sctp,
Conn Tag: 0x0, Interface: st0.2,
Session token: 0x13, Flag: 0x20
Route: 0x3a0010, Gateway: 192.168.120.2, Tunnel: 537001987
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 0, Bytes: 0
Total sessions: 1
At the same time TCP/ICMP work correctly - the peers that support Diameter over TCP are working.
SRX345 on JunOS 15.1X49-D50.3
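The symptom in the post is visible in the session dump itself: the In wing has counted thousands of packets while the Out wing on st0.2 sits at Pkts: 0. When several Diameter peers and interfaces are involved, it helps to scan the whole `show security flow session` output for exactly that pattern instead of reading sessions one by one. The script below is an added example, not code from the poster or from Juniper: it parses the detailed (per-session) output form, groups the In/Out wings per session, and reports sessions whose forward wing carried traffic while the reverse wing never did, along with protocol, policy and interfaces, so SCTP sessions can be compared against the working TCP ones. The first sample session is the SCTP session from the post; the second is a constructed healthy TCP session added so the check has a negative case.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input. Session 365626 is the SCTP session shown in the
# post (addresses, interfaces and counters as the poster displayed them);
# session 365627 is a made-up healthy TCP session for comparison.
SAMPLE_OUTPUT = """\
Session ID: 365626, Status: Normal, State: Active
Flags: 0x8000040/0x0/0x3
Policy name: Diameter/57
Maximum timeout: 1800, Current timeout: 1800
Session State: Valid
In: 192.168.130.246/3868 --> 192.168.120.2/3868;sctp,
Conn Tag: 0x0, Interface: ge-0/0/4.301,
Session token: 0xd, Flag: 0x21
Pkts: 3185, Bytes: 267540
Out: 192.168.120.2/3868 --> 192.168.130.246/3868;sctp,
Conn Tag: 0x0, Interface: st0.2,
Session token: 0x13, Flag: 0x20
Pkts: 0, Bytes: 0
Session ID: 365627, Status: Normal, State: Active
Policy name: Diameter/57
In: 192.168.130.246/3868 --> 192.168.120.2/3868;tcp,
Conn Tag: 0x0, Interface: ge-0/0/4.301,
Pkts: 120, Bytes: 9600
Out: 192.168.120.2/3868 --> 192.168.130.246/3868;tcp,
Conn Tag: 0x0, Interface: st0.2,
Pkts: 118, Bytes: 9400
Total sessions: 2
"""

# Line patterns for the detailed output form (one field group per line).
SESSION_RE = re.compile(r"^Session ID: (\d+)")
POLICY_RE = re.compile(r"^Policy name: ([^\s,]+)")
WING_RE = re.compile(r"^(In|Out): (\S+)/(\d+) --> (\S+)/(\d+);(\w+)")
IFACE_RE = re.compile(r"Interface: ([^\s,]+)")
PKTS_RE = re.compile(r"^Pkts: (\d+), Bytes: (\d+)")


@dataclass
class Wing:
    direction: str          # "In" or "Out"
    src: str                # "ip/port"
    dst: str                # "ip/port"
    proto: str              # "sctp", "tcp", ...
    interface: str = ""
    pkts: int = 0
    byte_count: int = 0


@dataclass
class Session:
    session_id: int
    policy: str = ""
    wings: Dict[str, Wing] = field(default_factory=dict)


def parse_flow_sessions(text: str) -> List[Session]:
    """Turn detailed 'show security flow session' text into Session objects."""
    sessions: List[Session] = []
    current: Optional[Session] = None
    wing: Optional[Wing] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION_RE.match(line)
        if m:
            current = Session(int(m.group(1)))
            sessions.append(current)
            wing = None
            continue
        if current is None:
            continue
        m = POLICY_RE.match(line)
        if m:
            current.policy = m.group(1)
            continue
        m = WING_RE.match(line)
        if m:
            d, sip, sp, dip, dp, proto = m.groups()
            wing = Wing(d, f"{sip}/{sp}", f"{dip}/{dp}", proto)
            current.wings[d] = wing
            continue
        if wing is None:
            continue
        m = IFACE_RE.search(line)
        if m:
            wing.interface = m.group(1)
        m = PKTS_RE.match(line)
        if m:
            wing.pkts, wing.byte_count = int(m.group(1)), int(m.group(2))
    return sessions


def find_one_way_sessions(sessions: List[Session], min_forward_pkts: int = 1) -> List[dict]:
    """Report sessions whose In wing carried traffic but whose Out wing never did."""
    findings = []
    for s in sessions:
        fwd, rev = s.wings.get("In"), s.wings.get("Out")
        if fwd is None or rev is None:
            continue
        if fwd.pkts >= min_forward_pkts and rev.pkts == 0:
            findings.append({
                "session_id": s.session_id, "policy": s.policy, "proto": fwd.proto,
                "in_if": fwd.interface, "out_if": rev.interface, "in_pkts": fwd.pkts,
            })
    return findings


if __name__ == "__main__":
    for f in find_one_way_sessions(parse_flow_sessions(SAMPLE_OUTPUT)):
        print(f"session {f['session_id']} ({f['proto']}, policy {f['policy']}): "
              f"{f['in_pkts']} pkts in via {f['in_if']}, 0 pkts out via {f['out_if']}")
```

Feed it the output of `show security flow session` (detailed form) saved from the SRX; a listing dominated by sctp entries with the Out wing on the tunnel or physical interface at zero packets, while tcp entries on the same interfaces count packets both ways, narrows the problem to how the box handles SCTP rather than to routing or the policy.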