
Re: MSRPC ALG issue

Since this is the first hit (or at least top 3) on Google when you search "msrpc alg juniper srx",

I will just add a note here:

Every couple of months FTP ALG would go down for us here. For some FTP servers this was not an issue: just disable FTP ALG on the SRX and they were fine. But some FTP servers had issues with their passive mode FTP (bugs in their code) and FTP ALG fixed the issues. Without FTP ALG these FTP servers would not function correctly. So the only solution we had was to take maintenance and reboot the SRXs. But this issue was sporadic. Sometimes 6 months would go by, sometimes 2 months.

 

Anyway, today:

JTAC referred me to this:

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1120757

To summarize:

  • Resource manager tables fill up
  • the sessions don't expire fast enough for new ones
  • then new ALG sessions cannot be established
  • MSRPC is the main culprit but it trickles down to other protocols with ALG enabled (pptp, ftp, etc.)

Workaround:

# run show security resource-manager summary 
Active resource-manager clients   : 15
Active resource-manager groups    : 2048
Active resource-manager resources : 2077
Active resource-manager sessions  : 26

# run clear security resource-manager groups node all 
 
# run show security resource-manager summary 
Active resource-manager clients   : 15
Active resource-manager groups    : 0
Active resource-manager resources : 0
Active resource-manager sessions  : 0

But plan to upgrade to a version not affected by this...
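
A monitoring check built on the summary output shown in the post, added here as an example and not part of the original post or Juniper's tooling: it parses `show security resource-manager summary` text and flags the group table before new ALG sessions start failing. The 2048 limit, the 80% warning ratio and the function names are assumptions; 2048 is simply the group count in the poster's output.

```python
import re

# Assumption: 2048 is treated as the group-table ceiling because that is the
# value in the poster's output while the problem was present.
ASSUMED_GROUP_LIMIT = 2048
REQUIRED = {"clients", "groups", "resources", "sessions"}
_LINE = re.compile(r"^Active resource-manager (\w+)\s*:\s*(\d+)$")

# Output copied from the post: before and after the clear command.
BEFORE = """\
Active resource-manager clients   : 15
Active resource-manager groups    : 2048
Active resource-manager resources : 2077
Active resource-manager sessions  : 26
"""
AFTER = """\
Active resource-manager clients   : 15
Active resource-manager groups    : 0
Active resource-manager resources : 0
Active resource-manager sessions  : 0
"""

def parse_summary(text):
    """Return the four counters as a dict, ignoring any other lines."""
    counters = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            name, value = m.group(1), int(m.group(2))
            # Assumption: if the summary repeats per cluster node,
            # the highest value is the one worth alerting on.
            counters[name] = max(counters.get(name, 0), value)
    missing = REQUIRED - counters.keys()
    if missing:
        raise ValueError(f"summary is missing counters: {sorted(missing)}")
    return counters

def check_groups(text, limit=ASSUMED_GROUP_LIMIT, warn_ratio=0.8):
    """Classify group-table usage as OK, WARNING or CRITICAL."""
    groups = parse_summary(text)["groups"]
    if groups >= limit:
        return "CRITICAL", groups
    if groups >= limit * warn_ratio:
        return "WARNING", groups
    return "OK", groups

if __name__ == "__main__":
    for label, sample in (("before clear", BEFORE), ("after clear", AFTER)):
        print(label, *check_groups(sample))
```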

