> 3. The issues raised below (I didn't realize this myself) about sessions
> destined to the router still being processed as flow mode, which can tear
> down TCP sessions under certain circumstances.
>

Does anyone have a proof link for this? I've just checked a J series running 10.0R2 packet-mode and see:

plu...@router> show security flow session summary
Session summary:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
Maximum-sessions: 262144

plu...@router> show security flow session
0 sessions displayed

This is despite the fact that I'm SSH'd into it and it holds several BGP sessions. When J/SRX is in normal (flow) mode, it shows the sessions to itself.

Moreover, it would be cool if we could use per-security-zone stateful settings for host-inbound-traffic instead of classic packet-based unidirectional filters (stuff everyone hates to do) in order to protect the control plane in packet mode. Although it seems to me that it is not possible.

--
Pavel