Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to calculate the number of VPN tunnels that are created on the firewall for a policy based VPN?

0

0

Article ID: KB26724 KB Last Updated: 27 Sep 2019Version: 2.0
Summary:

This article provides information on how to calculate the number of VPN tunnels that are created on a firewall for a policy based VPN.

Symptoms:

Is there a way to calculate number of VPN tunnels policy based VPN/VPNs have created on ScreenOS box?

Solution:

In a policy based VPN, each policy will create a different tunnel. If a VPN is referred in two policies, then two tunnels will be created.

The same logic is applicable for VPN groups. Refer to the following information:

  • When a VPN group is bound to a policy, the firewall will create the number of tunnels that are equal to the number of VPNs being bound to the group.

  • If four VPNs are bound to the VPN group, then every policy will lead to four VPN tunnels being created.

  • For a total of ten policies from trust to untrust, each having a VPN group bound to it, 40 VPN tunnels will be created.

Note: When using policy based VPNs, it is possible that the soft limit for the VPN can be reached and no more policies are allowed to be configured.

The following error message is generated in the output of get log sys:

fail to update ike p2 id
## 2012-11-18 04:07:21 : fpl_build_policy : swrs_policy2rule failed

In such a situation a route based VPN can be used.

Modification History:
2019-09-27: Minor, non-technical edits.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search