Juniper SRX Slow Internet Speed

Hello folks!

Okay… This is probably one of the simple things that we forget when troubleshooting, leaving the debuging turned on.

Last year, I replaced my SRX100H2 with my old ASA5505 because it was really slow. It was so slow that a simple google search took a while to load up.

Here, a short back story. I was talking to Verizon rep to break my DHCP lease because my SRX was not receiving a public IP from Verizon. I was keeping an eye to debugs why my SRX was not receiving public IP then eventually it did received a public IP. I could not remember what was the problem with DHCP, though. When I thought I fixed the problem, another one just showed up. My Internet was really slow. Did some troubleshooting, checked my configs, reset to default, etc, but at the end of the day everything seems to be normal.

Eventually, I called Verizon again, and they said that everything seems to be fine on their end. At this point, I was lost. Instead of wasting time troubleshooting this, I reconfigured my ASA5505, and replaced my SRX100 with ASA5505. The ASA5505 didn’t have the slow speed like the SRX100. I thought to myself that my SRX100 must be faulty.

Now, back to present time. I still have my SRX and I still want to use it. I powered it on last night and plugged it in to my ASA5505. After a year, I haven’t given up with my SRX100, and probably never will. I like this firewall.

I woke up this morning with enough sleep, and motivated to fixed this firewall’s slow performance. And guess what, I found that I have an existing¬†security flow traceoptions¬†in the config.

karlo@BFWSRX# show | display set | match trace 
set security flow traceoptions file DEBUG-ALL
set security flow traceoptions file size 1m
set security flow traceoptions flag all

I deleted the config

karlo@BFWSRX# show | compare 
[edit security]
- flow {
- traceoptions {
- file DEBUG-ALL size 1m;
- flag all;
- }
- tcp-session {
- no-sequence-check;
- }
- }

Then run the speed test again. Voila!!! The performance is back to normal again. So folks do not forget to delete your traceoptions after you troubleshoot your network/firewall issues.




About networkshinobi

This blog is about the things I learned about computers and networking to help me to remember them as I push further my studies. I created this blog to help myself to continue my education; and if you find this blog helpful for your studies, that is great. That is one of the reasons why I made this blog, to share my interest and knowledge. Also, all the entries/posts I made are based on my views, opinion and for educational purposes only. If you see some mistakes, feel free to drop some comments. I would appreciate all the helpful comments. Thanks BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a LTC : LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
This entry was posted in Firewall, Juniper, Misc., troubleshoot and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s