SRX

Good afternoon.
Input data: SRX1600 * 2 = cluster (HA, redundancy group, etc...)
An reth#.# interface is attached to the untrust zone
A public address of the inet family has been added to the reth#.# interface.
The ping from outside is successful. 

Then I combine the following ge- interfaces in reth11.44, attach them to the security zone, assign a public address, and eventually 2% of the pings reach this address.

Whatever addresses I assign, I achieve an unsuccessful result.
This only happens with interfaces: ge-0/0/11 and ge-7/0/11

Detailed data:
JUNOS 23.4R2.13

# show chassis cluster
redundancy-group 4 {
    node 0 priority 100;
    node 1 priority 99;
    interface-monitor {
        ge-0/0/11 weight 255;
        ge-7/0/11 weight 255;
    }

# show interfaces reth11.44
description sale_200_Mb/s;
vlan-id 44;
family inet {
    address 19.36.52.52/28;
}

# show security zones security-zone sale
screen untrust-screen;
interfaces {
    reth11.44 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}

set chassis cluster reth-count 12

Perhaps that does the trick?

Oh, and do upgrade to 23.4R2-S4!

Good afternoon.
Input data: SRX1600 * 2 = cluster (HA, redundancy group, etc...)
An reth#.# interface is attached to the untrust zone
A public address of the inet family has been added to the reth#.# interface.
The ping from outside is successful. 

Then I combine the following ge- interfaces in reth11.44, attach them to the security zone, assign a public address, and eventually 2% of the pings reach this address.

Whatever addresses I assign, I achieve an unsuccessful result.
This only happens with interfaces: ge-0/0/11 and ge-7/0/11

Detailed data:
JUNOS 23.4R2.13

# show chassis cluster
redundancy-group 4 {
    node 0 priority 100;
    node 1 priority 99;
    interface-monitor {
        ge-0/0/11 weight 255;
        ge-7/0/11 weight 255;
    }

# show interfaces reth11.44
description sale_200_Mb/s;
vlan-id 44;
family inet {
    address 19.36.52.52/28;
}

# show security zones security-zone sale
screen untrust-screen;
interfaces {
    reth11.44 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}

Good afternoon.
Input data: SRX1600 * 2 = cluster (HA, redundancy group, etc...)
An reth#.# interface is attached to the untrust zone
A public address of the inet family has been added to the reth#.# interface.
The ping from outside is successful. 

Then I combine the following ge- interfaces in reth11.44, attach them to the security zone, assign a public address, and eventually 2% of the pings reach this address.

Whatever addresses I assign, I achieve an unsuccessful result.
This only happens with interfaces: ge-0/0/11 and ge-7/0/11

Detailed data:
JUNOS 23.4R2.13

# show chassis cluster
redundancy-group 4 {
    node 0 priority 100;
    node 1 priority 99;
    interface-monitor {
        ge-0/0/11 weight 255;
        ge-7/0/11 weight 255;
    }

# show interfaces reth11.44
description sale_200_Mb/s;
vlan-id 44;
family inet {
    address 19.36.52.52/28;
}

# show security zones security-zone sale
screen untrust-screen;
interfaces {
    reth11.44 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}

Good afternoon.
Input data: SRX1600 * 2 = cluster (HA, redundancy group, etc...)
An reth#.# interface is attached to the untrust zone
A public address of the inet family has been added to the reth#.# interface.
The ping from outside is successful. 

Then I combine the following ge- interfaces in reth11.44, attach them to the security zone, assign a public address, and eventually 2% of the pings reach this address.

Whatever addresses I assign, I achieve an unsuccessful result.
This only happens with interfaces: ge-0/0/11 and ge-7/0/11

Detailed data:
JUNOS 23.4R2.13

# show chassis cluster
redundancy-group 4 {
    node 0 priority 100;
    node 1 priority 99;
    interface-monitor {
        ge-0/0/11 weight 255;
        ge-7/0/11 weight 255;
    }

# show interfaces reth11.44
description sale_200_Mb/s;
vlan-id 44;
family inet {
    address 19.36.52.52/28;
}

# show security zones security-zone sale
screen untrust-screen;
interfaces {
    reth11.44 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}

What is the configuration of the switch ports attached?

A common error is to treat RETH (redundant ethernet) as if they were an aggregated ethernet pair.  When this happens packet loss occurs because the switch is expecting to use either of the two interfaces at any time.  But redundant ethernet has only one of the pair active at any given time.

Good afternoon.
Input data: SRX1600 * 2 = cluster (HA, redundancy group, etc...)
An reth#.# interface is attached to the untrust zone
A public address of the inet family has been added to the reth#.# interface.
The ping from outside is successful. 

Then I combine the following ge- interfaces in reth11.44, attach them to the security zone, assign a public address, and eventually 2% of the pings reach this address.

Whatever addresses I assign, I achieve an unsuccessful result.
This only happens with interfaces: ge-0/0/11 and ge-7/0/11

Detailed data:
JUNOS 23.4R2.13

# show chassis cluster
redundancy-group 4 {
    node 0 priority 100;
    node 1 priority 99;
    interface-monitor {
        ge-0/0/11 weight 255;
        ge-7/0/11 weight 255;
    }

# show interfaces reth11.44
description sale_200_Mb/s;
vlan-id 44;
family inet {
    address 19.36.52.52/28;
}

# show security zones security-zone sale
screen untrust-screen;
interfaces {
    reth11.44 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}