I am newbie to SRX and also to this forum, I am looking for some help.
Our customer has recently started deploying a new SRX 345 cluster, We are in midst of testing TCP/UDP throughput with various security features. initial test looked positive with throughput but after configuring IDP, SSL proxy feature http/https throughput has reduced drastically, Is this expected?
Any commands/logs to check for to identy problem? What can be done to increase or atleast normalize the throughput?
Appreciate the feedback.
As I understand Throughput is reduced after configuring IDP or SSL proxy. Please refer the datasheet to check the performance numbers.
If you are not seeing the expected throughput what is described in datasheet then to start with you can look for below information.
First of all verify RE and PFE CPU, ensure this is not crossing threshold level.
show chassis routing-engine
show system process extensive
show security monitoring performance CPU
show log messages to see any idp related errors.
Also below kb link should help you with detailed steps of idp troubleshooting along with IDP configuration suggestions.
If by any chance you have newly IDP license installed and haven't rebooted the device then you need to reboot post IDP installation.
Please refer and follow the KB. Let me know if this KB helps.
I do have follow-up question. Does SRX need a reboot after every license installation?