Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Problem: Packet drop due to source session threadhold exceeded

0

0

Article ID: KB6557 KB Last Updated: 18 Aug 2011Version: 4.0
Summary:
Problem: Packet drop due to source session threadhold exceeded
Symptoms:
Session Threshold Exceed Was able ping to the Host from Untrust interface on Netscreen The host was not able to ping Untrust interface Error: packet dropped, drop since src session threshold exceeded The Host was not able to ping the default gateway thru the Netscreen Error: packet dropped, drop since src session threshold exceeded  ****** 57543.0: <trust> packet received [75]****** Packet was received on Netscreen but was dropped
Solution:

All source packets will be dropped by NetScreen if the source IP based Session Limit is configured and exceeded.

This is a Normal behavior.  Once the "Source IP based Session Limit" is set, all source packets will be passed to NetScreen until the threshold (default is 128) limit is exceeded.  When Session is exceeded, the packet will be dropped.  The host, which pings the NetScreen interface or through the NetScreen, will receive a  ping timeout.

Here is the problem or goal:

  • Was able ping to the Host from Untrust interface on NetScreen
  • The host was not able to ping Untrust interface
  • Error: packet dropped, drop since src session threshold exceeded
  • The Host was not able to ping the default gateway thru the NetScreen
  • Error: packet dropped, drop since src session threshold exceeded  ****** 57543.0: packet received [75]******
  • Packet was received on NetScreen but was dropped

Problem Environment:

  • Session Threshold Exceed

Applicable Products:

  • NetScreen-5
  • NetScreen-5XP
  • NetScreen-5XT
  • NetScreen-10
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-1000
  • NetScreen-5200


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search