Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to enable the 'optimized' feature of VPN Monitor

0

0

Article ID: KB10118 KB Last Updated: 12 Jun 2020Version: 6.0
Summary:

When enabling the 'optimized' option of VPN monitor, existing traffic through the VPN is used for the monitoring packet instead of using the VPN monitor ping, which would normally be sent. 

This article shows how to enable the 'optimized' feature.

Solution:

What does the 'optimized' feature do?

When VPN monitoring is enabled for a specific tunnel, the security device sends ICMP echo requests (or “pings”) through the tunnel at specified intervals (configured in seconds) to monitor network connectivity through the tunnel. However, when the 'optimized' feature is selected, the VPN monitoring behavior changes as follows:
  • The SRX or J Series device accepts incoming traffic through the VPN tunnel as a substitute for ICMP echo replies.

  • If there is both incoming and outgoing traffic through the VPN tunnel, the SRX or J Series device suppresses VPN monitoring pings.

Note:  If you enable VPN monitoring optimization, be aware that VPN monitoring can no longer provide accurate SNMP statistics.


To enable the 'optimized' feature of VPN Monitor, use one of the following methods:

CLI:

root@srx#set security ipsec vpn <vpn-name> vpn-monitor optimized

 J-Web:

  1. Go To Configure > IPSec VPN > Auto Tunnel > Phase II

  2. Click the Add icon at the top right.

  3. Click the 'IPSec VPN Options' tab.

  4. Check the box 'Enable VPN monitor'

  5. Check the 'Optimized' box

  6. Optional:  Specify a 'Destination ip' and/or a 'Source interface'.

    For information on the usage of the Source Interface and Destination IP, consult KB10119 - Configuring the Source Interface and Destination IP options of VPN Monitor.

Modification History:
2020-06-12: Article reviewed for accuracy; no changes required

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search