Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to enable the "optimized" feature of VPN Monitor

0

0

Article ID: KB10118 KB Last Updated: 28 Dec 2020Version: 7.0
Summary:
 

When the "optimized" option of VPN Monitor is enabled, existing traffic through the VPN is used for the monitoring packet instead of using the VPN monitor ping, which would normally be sent. 

This article shows how to enable the "optimized" feature.

 

Solution:
 

What does the "optimized" feature do?

When VPN monitoring is enabled for a specific tunnel, the security device sends ICMP echo requests (or “pings”) through the tunnel at specified intervals (configured in seconds) to monitor network connectivity through the tunnel. However, when the "optimized" feature is selected, the VPN monitoring behavior changes as follows:

  • The SRX Series device accepts incoming traffic through the VPN tunnel as a substitute for ICMP echo replies.

  • If there is both incoming and outgoing traffic through the VPN tunnel, the SRX Series device suppresses VPN monitoring pings.

Note: If you enable VPN monitoring optimization, be aware that VPN monitoring can no longer provide accurate SNMP statistics.

To enable the "optimized" feature of VPN Monitor, use one of the following methods:

CLI:

root@srx#set security ipsec vpn <vpn-name> vpn-monitor optimized

J-Web:

  1. Go To Configure > Security Services > IPsec (Phase II).

  2. Double-click the IPsec VPN on which you want to configure the feature.  

  3. Click the IPSec VPN Options tab.

  4. Select the "Enable VPN monitor" check box.

  5. Select the Optimized check box.

  6. Optional: Specify a "Destination ip" and/or a "Source interface."

For information about using Source Interface and Destination IP, consult KB10119 - Configuring the Source Interface and Destination IP options of VPN Monitor.

 

Modification History:
 
  • 2020-06-12: Article reviewed for accuracy; no changes required

  • 2020-12-28: Article reviewed for accuracy; J-Web navigation options modified

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search