[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Per policy session cap on Juniper SRX

Subject: Per policy session cap on Juniper SRX
From: me at anuragbhatia.com (Anurag Bhatia)
Date: Sun, 7 Sep 2014 01:24:46 +0530

Hello everyone!


I have a Juniper SRX firewall and in recent times I did had issues because
one or other user doing an attack outside. Usually it is compromised client
machines which create a lot of firewall sessions in outside direction.


I was thinking of two specific things as fix for this:


   1. Can I somehow put a cap per security policy so that all available
   sessions aren't chewed by clients?

   2. We have very few clients who actually use firewall in outbound, rest
   all in inbound. This I wish to skip firewall in outbound but in my test I
   found it behaves strange. I tried with machine having inbound traffic via
   firewall. They ping and port 80 also worked but SSH just hung up as soon as
   I started. I see SRX can be used in unidirectional setup but somehow it
   fails in my case.



Any suggestions/advice/ sample configs?


Thanks in advance!

-- 


Anurag Bhatia
anuragbhatia.com

Linkedin <http://in.linkedin.com/in/anuragbhatia21> | Twitter
<https://twitter.com/anurag_bhatia>
Skype: anuragbhatia.com

PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2

Prev by Date: no more "Send through Gmail" option
Next by Date: The Next Big Thing: Named-Data Networking
Previous by thread: Weekly CIDR Reports
Next by thread: Fwd: Interesting problems with using IPv6
Index(es):
- Date
- Thread