Using SRX and J series as a packet based router instead a flow based firewall

When using SRX or J series in the network it most of the time serves as a firewall or secure router. But sometimes it is used just like a L3 CPE with routing and/or MPLS. Disable flow forwarding and fall back to packet forwarding to gain a few more pps out of a CPU based platform like SRX and J series.

This is how it is done:

set security forwarding-options family mpls mode packet-based
set security forwarding-options family inet6 mode packet-based
set security forwarding-options family iso mode packet-based

Then reboot the SRX/J series. And you are done.

Try it out!

This entry was posted in Juniper Networking, Juniper Security, Networking, Security. Bookmark the permalink.

Leave a Reply