Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to enable the IPv6 flow (or packet) mode on SRX

0

1

Article ID: KB25697 KB Last Updated: 23 Apr 2020Version: 3.0
Summary:

This article provides information on how to enable the IPv6 flow (or packet) mode on SRX devices.

 

Symptoms:

A directly connected IPv6 neighbor is present, but it is not possible to communicate with it.

 

Cause:

The default IPv6 mode is drop; you will have to change the mode to flow or packet to allow IPv6 traffic.

 

Solution:

This feature is supported on SRX devices from Junos OS release 9.6 or later.

Check the flow module status for IPv6 traffic by using the show security flow status command:

root@SRX> show security flow status
 Flow forwarding mode:
   Inet forwarding mode: flow based
   Inet6 forwarding mode: drop
   MPLS forwarding mode: drop
   ISO forwarding mode: drop
 Flow trace status
   Flow tracing status: off

As you can see in the above example, the Inet6 forwarding mode is set to drop (default) in relation to allowing IPv6 traffic. This has to be changed to flow (or packet) by using the configuration mode command (a reboot is required, after you commit):

root@SRX# set security forwarding-options family inet6 mode flow-based 

[edit]
root@SRX# commit 
warning: You have enabled/disabled inet6 flow.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
commit complete

root@SRX> show security flow status 
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: flow based (reboot needed to change to drop)
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

Verification

Now, you should see flow-based for IPv6 traffic in the flow status:

root@SRX> show security flow status
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: flow based
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

 

Modification History:

2020-04-23: Article reviewed for accuracy; no changes required; article still valid and relevant

 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search