SRX


packet mode on SRX and traffic inspection.

  • 1.  packet mode on SRX and traffic inspection.

    Posted 05-04-2018 09:17

    Hi everyone

    Let's say we have an SRX and, for one specific source IP and destination IP pair, we want to use packet forwarding mode. My question is: does this traffic still get inspected for malware, viruses, etc.? In other words, will using packet mode for certain traffic result in such traffic not being checked for malware, viruses, etc.?

    Thanks and have a nice weekend.

     



  • 2.  RE: packet mode on SRX and traffic inspection.

     
    Posted 05-04-2018 14:28

    The SRX modes, flow vs. packet, are set at the entire device level.  Once you set the mode, the processes that load and how the packet handling works are different.  You cannot do both packet and flow mode on the same device; you are setting one or the other.

     

    The advanced inspection features you mention require the SRX be in flow mode.

     



  • 3.  RE: packet mode on SRX and traffic inspection.
    Best Answer

    Posted 05-04-2018 14:56

    @spuluka, you can bypass the flow daemon for select traffic using a firewall filter and do stateless packet-based forwarding using the "then packet-mode" action.

     

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB26757

     

    @OP, because you are bypassing the flow daemon, I assume that all security inspection outside of a firewall filter does not occur.



  • 4.  RE: packet mode on SRX and traffic inspection.

     
    Posted 05-04-2018 15:00

    Nice, I was not aware of this option.