Screen OS

  • 1.  Outbound packet loss, inbound no problem

    Posted 09-10-2013 04:07

    Hi all

     

    I'm having a very strange problem for the second time now. Previously (maybe 2 months ago), I arranged to do a firmware update and the problem was fixed, but I guess the reboot did it.

     

    So, problem is an SSG5, three zones: untrust, trust and a zone to the mpls network (behind our provider CPE). 

     

    Connections from/to the mpls network, no problem at all.

    Connections to the untrust zone: lots of dropped packets (cont. ping). Strange thing is, incoming pings (to the firewall's untrust if ip) are stable as hell.

     

    Policies/session limiting don't seem to be at fault (no limit in the policy any->any ping), and I tried turning off the screen on untrust (trust has no screen options enabled).

    Hardware usage low as well (cpu/mem/sessions).

     

    I made the observation that when doing a traceroute, there are drops in the ping to the first hop (the ssg), however a cont. ping to the firewall is very stable.

     

    U:\>tracert -d 8.8.8.8
    
    Tracing route to 8.8.8.8 over a maximum of 30 hops
    
      1     1 ms     *        *     192.168.58.254
      2     *     ^C

     

    U:\>ping 192.168.58.254
    
    Pinging 192.168.58.254 with 32 bytes of data:
    Reply from 192.168.58.254: bytes=32 time=1ms TTL=64
    Reply from 192.168.58.254: bytes=32 time=1ms TTL=64
    Reply from 192.168.58.254: bytes=32 time=1ms TTL=64
    Reply from 192.168.58.254: bytes=32 time=1ms TTL=64
    
    Ping statistics for 192.168.58.254:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 1ms, Maximum = 1ms, Average = 1ms

     

     

    Could someone please point me in the right direction??

     

    Any suggestions VERY much appreciated!



  • 2.  RE: Outbound packet loss, inbound no problem

     
    Posted 10-06-2013 03:14

    If my understanding is correct, the following is the overview of the topology you are using:

     

    Client ----------(Trust) FW (Untrust) --- Internet

     

    When you ping the FW's untrust IP, you see no losses; however, when you ping something beyond the FW via the Untrust zone (towards the Internet), you are seeing losses. Is this correct?

     

    Could you please try pinging, from the Firewall itself, any IP on the Internet and see if you still see the same losses?

     

    Regards

    Sarab



  • 3.  RE: Outbound packet loss, inbound no problem

    Posted 10-06-2013 03:39

    Hi

     

    Your assumptions are correct.

    Pinging from the firewall worked perfectly as well. The strangest thing was that when performing a traceroute to something beyond the FW, the fw didn't reply either...

     

    However, I'm happy to inform you that I have found the cause a week ago. A client in the internal network had a Google Drive Sync client which was buggy. It had tens of thousands of connections open to the Google servers (the firewall only reported a few hundred). So I guess the firewall was simply overloaded with creating new sessions... As soon as I killed the googledrivesync.exe process on the PC, the problem went away...


    Thanks anyway for your time...



  • 4.  RE: Outbound packet loss, inbound no problem
    Best Answer

     
    Posted 10-06-2013 07:49

    Wow, glad that issue has been fixed.

     

    In future, if such an issue happens again, then do check the following things to start with

     

    Get perf cpu all detail  <<<<<<<<<<<<<<< CPU Details

    Get session info           <<<<<<<<<<<<<<< Session information

     

     

    Regards

    Sarab
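The root cause in this thread was one internal host holding a disproportionate number of sessions. As an added example (not code from any poster or from Juniper), this Python sketch tallies sessions per source IP from saved `get session` output; the two-lines-per-session layout it parses is an assumption about that output, and the sample text, addresses and counters are constructed.

```python
import re
from collections import Counter

# Forward-direction line of a session entry: ":src/sport->dst/dport,proto,"
FORWARD = re.compile(r":(\d{1,3}(?:\.\d{1,3}){3})/(\d+)->(\d{1,3}(?:\.\d{1,3}){3})/(\d+),(\d+),")
# Table header line: "alloc N/max M, alloc failed F, ..."
ALLOC = re.compile(r"^alloc (\d+)/max (\d+), alloc failed (\d+)")

def _session(sid, src, sport, dst, dport, proto=6):
    """Build one constructed session entry (id line, forward line, reverse line)."""
    return (f"id {sid}/s**,vsys 0,flag 08000040/0000/0001,policy 1,time 180, dip 0 module 0\n"
            f" if 0(nspflag 801801):{src}/{sport}->{dst}/{dport},{proto},0050568a1b2c,sess token 4,vlan 0,tun 0,vsd 0,route 1\n"
            f" if 5(nspflag 801800):198.51.100.2/{sport}<-{dst}/{dport},{proto},0010db1d4ac0,sess token 6,vlan 0,tun 0,vsd 0,route 2\n")

# Constructed sample: four sessions from one client, one from another.
SAMPLE = ("alloc 5/max 8064, alloc failed 0, mcast alloc 0, di alloc failed 0\n"
          "total reserved 0, free sessions in shared pool 8059\n"
          + "".join(_session(8000 + i, "192.168.58.23", 50100 + i, "203.0.113.10", 443)
                    for i in range(4))
          + _session(7990, "192.168.58.40", 51000, "8.8.8.8", 53, proto=17))

def summarize(text):
    """Return (table counters, sessions per source IP, sessions per src/dst/port)."""
    table, per_src, per_flow = None, Counter(), Counter()
    for line in text.splitlines():
        m = ALLOC.match(line)
        if m:
            table = {"alloc": int(m[1]), "max": int(m[2]), "failed": int(m[3])}
            continue
        m = FORWARD.search(line)  # reverse lines use "<-" and are skipped
        if m:
            per_src[m[1]] += 1
            per_flow[(m[1], m[3], int(m[4]))] += 1
    return table, per_src, per_flow

def noisy_hosts(per_src, share=0.5, min_sessions=3):
    """Sources holding at least `share` of all sessions (thresholds are illustrative)."""
    total = sum(per_src.values()) or 1
    return [(ip, n) for ip, n in per_src.most_common()
            if n >= min_sessions and n / total >= share]

if __name__ == "__main__":
    table, per_src, per_flow = summarize(SAMPLE)
    print("session table:", table)
    print("top flows:", per_flow.most_common(3))
    print("hosts to investigate:", noisy_hosts(per_src))
```

A single capture only counts sessions that exist at that instant, and in this thread the firewall showed a few hundred sessions while the client had far more connections open, so compare several captures taken while the loss is occurring.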



  • 5.  RE: Outbound packet loss, inbound no problem

    Posted 10-06-2013 15:14

    Hi Sarab

     

    Yeah it was a tough one, I'm very glad as well!!

     

    Also, thanks for your input and these commands, I will try them out next time (hopefully I won't need them :D)