Juniper SRX Flow vs Packet Mode

Out of the box, the Juniper SRX forwards IP traffic based on flows between security zones. It can also be configured to forward traffic packet by packet, without the stateful security features. In packet mode an SRX behaves just like a router or a layer 3 switch, which is useful for labs and learning.

Run the following command to see how your SRX is currently forwarding traffic.
> show security flow status

By default, inet (IPv4) is the only family configured to forward traffic in flow mode.

To disable flow mode for inet, delete all of the configuration under the security hierarchy, then commit and reboot:
# delete security
# commit
# run request system reboot

To enable forwarding for the other families in packet mode, use the following commands:

# set security forwarding-options family inet6 mode packet-based

# set security forwarding-options family mpls mode packet-based

# set security forwarding-options family iso mode packet-based

You must now commit the configuration and reboot the device.
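After the reboot, the `show security flow status` output is the place to confirm which families actually ended up in packet mode. The following is an added example, not part of the original post: a small parser that pulls the per-family forwarding mode out of that output and reports every family that does not match the mode you expect. The two sample outputs are constructed, and the exact wording of the "Inet forwarding mode: flow based" style lines is an assumption about the Junos output; only those lines are parsed, so additional lines in a real release are ignored.

```python
import re
from typing import Dict, Tuple

# Constructed sample of the flow-status output BEFORE the change. Only the
# "<Family> forwarding mode: ..." lines are parsed (assumption: that wording),
# so any other lines a real Junos release prints are simply skipped.
STATUS_BEFORE = """\
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off
"""

# Constructed sample AFTER "delete security", the three packet-based
# forwarding-options statements, commit and reboot.
STATUS_AFTER = """\
  Flow forwarding mode:
    Inet forwarding mode: packet based
    Inet6 forwarding mode: packet based
    MPLS forwarding mode: packet based
    ISO forwarding mode: packet based
"""

# "Flow forwarding mode:" has nothing after the colon, so it does not match.
MODE_LINE = re.compile(r"^\s*(?P<family>\w+) forwarding mode:\s*(?P<mode>\S.*?)\s*$")


def parse_forwarding_modes(output: str) -> Dict[str, str]:
    """Return {family: mode} with mode reduced to 'flow', 'packet' or 'drop'."""
    modes: Dict[str, str] = {}
    for line in output.splitlines():
        m = MODE_LINE.match(line)
        if not m:
            continue
        # "flow based" -> "flow", "packet based" -> "packet", "drop" -> "drop"
        modes[m.group("family").lower()] = m.group("mode").split()[0].lower()
    return modes


def mismatches(modes: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Families whose actual mode differs from the expected one, as (actual, expected).

    A family missing from the output is reported as 'missing' rather than ignored,
    so a truncated or unexpected output cannot silently pass the check.
    """
    return {
        fam: (modes.get(fam, "missing"), want)
        for fam, want in expected.items()
        if modes.get(fam) != want
    }


# What a lab box should look like once every family is in packet mode.
PACKET_MODE_LAB = {"inet": "packet", "inet6": "packet", "mpls": "packet", "iso": "packet"}

if __name__ == "__main__":
    for label, text in (("before", STATUS_BEFORE), ("after", STATUS_AFTER)):
        modes = parse_forwarding_modes(text)
        print(label, modes, "mismatches:", mismatches(modes, PACKET_MODE_LAB))
```

Feed it the captured output of the show command (for example over SSH or from a saved text file) and an empty mismatch dictionary means the box is forwarding the way you intended; anything else tells you which family still needs the forwarding-options statement or the reboot.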

There is another method that allows you to use both flow and packet mode on the same family, which requires a firewall rule. I will go over that in another post.

Absolutely required software for defending against DDoS attacks

ConfigServer Security & Firewall (CSF)

Absolutely the best software I’ve used to date: it automatically detects a plethora of patterns and adds the offending IP to the iptables block list. It has lots of extra features for detecting malicious file activity and su logins, as well as some basic checks to make sure your configuration is secure.

Check it out at ConfigServer.

Apache Mod_Evasive

Extremely effective and useful module for automatically blocking IPs that request the same file very rapidly.
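To make the blocking logic concrete, here is an added example (not mod_evasive's code, and not from the original post) that applies the same two sliding-window rules to Apache access-log lines: too many requests for the same URI from one client within a short interval, or too many requests to the site as a whole, and the client is blocked for a fixed period during which its further requests are denied. The threshold names mirror mod_evasive's DOSPageCount, DOSPageInterval, DOSSiteCount, DOSSiteInterval and DOSBlockingPeriod directives, but the values used here (a site count of 5 in particular) are constructed for the demonstration, as are the log lines and client addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Optional, Tuple

# Apache combined-log prefix: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log. Client 198.51.100.7 hammers one page, 203.0.113.9
# browses normally, 192.0.2.44 bursts across many pages in one second.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /about.html HTTP/1.1" 403 199
203.0.113.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Oct/2023:13:55:45 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /a.html HTTP/1.1" 200 100
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /b.html HTTP/1.1" 200 100
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /c.html HTTP/1.1" 200 100
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /d.html HTTP/1.1" 200 100
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /e.html HTTP/1.1" 200 100
192.0.2.44 - - [10/Oct/2023:13:56:00 +0000] "GET /f.html HTTP/1.1" 200 100
"""


def parse_line(line: str) -> Optional[Tuple[str, str, datetime]]:
    """Extract (client ip, request uri, timestamp); None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), m.group("uri"), ts


class EvasiveDetector:
    """Sliding-window rate rules in the style of mod_evasive (constructed thresholds)."""

    def __init__(self, page_count=2, page_interval=1.0, site_count=5, site_interval=1.0,
                 blocking_period=10):
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = timedelta(seconds=blocking_period)
        self.page_hits: Dict[Tuple[str, str], Deque[datetime]] = defaultdict(deque)
        self.site_hits: Dict[str, Deque[datetime]] = defaultdict(deque)
        self.blocked_until: Dict[str, datetime] = {}

    @staticmethod
    def _hits_in_window(window: Deque[datetime], ts: datetime, interval: float) -> int:
        # Drop timestamps older than the interval, record this hit, count what is left.
        while window and (ts - window[0]).total_seconds() > interval:
            window.popleft()
        window.append(ts)
        return len(window)

    def observe(self, ip: str, uri: str, ts: datetime) -> str:
        """Return 'allow', 'deny' (already blocked), 'block:page' or 'block:site'."""
        until = self.blocked_until.get(ip)
        if until is not None and ts < until:
            return "deny"
        if self._hits_in_window(self.page_hits[(ip, uri)], ts, self.page_interval) > self.page_count:
            self.blocked_until[ip] = ts + self.blocking_period
            return "block:page"
        if self._hits_in_window(self.site_hits[ip], ts, self.site_interval) > self.site_count:
            self.blocked_until[ip] = ts + self.blocking_period
            return "block:site"
        return "allow"


def run_log(lines: List[str], detector: Optional[EvasiveDetector] = None) -> List[Tuple[str, str]]:
    """Replay log lines through the detector; unparseable lines are skipped, not fatal."""
    detector = detector or EvasiveDetector()
    decisions = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, uri, ts = parsed
        decisions.append((ip, detector.observe(ip, uri, ts)))
    return decisions


if __name__ == "__main__":
    for ip, decision in run_log(SAMPLE_LOG.splitlines()):
        print(f"{ip:14} {decision}")
```

The third hit on /index.html within one second trips the per-page rule, after which the client's next request is simply denied for the blocking period; the client that spreads its burst over six different pages is caught by the site-wide rule instead, which is why both rules are needed. Replaying a day's access log through this with your intended thresholds is a cheap way to see how many legitimate clients a given DOSPageCount or DOSSiteCount setting would have blocked before you enable it in Apache.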

SNORT Intrusion Detection

Very effective and useful tool to monitor everything that’s going on in your system and track down potential attempted intrusions.