Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Traffic has suddenly stopped on the VSYS

0

0

Article ID: KB25526 KB Last Updated: 21 Aug 2012Version: 1.0
Summary:
This article describes the issue of traffic suddenly ceasing to work on a VSYS.
Symptoms:
  • The entire traffic on a particular VSYS (in this case, it is Corporate-vsys) ceases to work.

  • No configuration changes were made.

  • The existing connections are working; but new connections cannot be established.
Cause:
When debugs are captured for newly initiated connections on the VSYS, it shows that the vsys session limit was reached:
****** 46557.0: <UNTRUST-Corporate-VSYS/ethernet2/4> packet received [60]******
ipid = 30531(7743), @0479c118
packet passed sanity check.
ethernet2/4:115.111.63.2/808->198.175.229.159/48788,1(8/0)<Corporate-VSYS>
no session found
flow_first_inline_vector: in <ethernet2/4>, out <N/A>
max vsys session reached, drop packet, vsy: Corporate-VSYS, cur 10000, max 10000
time billed to vsys Corporate-VSYS
This can be verified with the get session info command:
firewall (Corporate-VSYS)(M)-> get session info
Corporate-VSYS: sw alloc 10000/max 10000, alloc failed 1231111, mcast alloc 0
firewall (Corporate-VSYS)(M)->
Solution:
As adequate sessions are not allocated for the VSYS, the threshold is reached; which causes the device to enforce the session limit and drop packets for corporate-vsys. The maximum session limit for the VSYS has to be increased to allow further connections.

Edit the VSYS and change the session limit accordingly:




Alternatively, the CLI command is:
firewall (M) -> enter vsys corporate
firewall (Corporate-VSYS)(M)-> set override session-limit max <number>

firewall (Corporate-VSYS)(M)-> exit
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search