Juniper SRX Slow Internet Speed

Hello folks!

Okay… This is probably one of the simple things that we forget when troubleshooting, leaving the debuging turned on.

Last year, I replaced my SRX100H2 with my old ASA5505 because it was really slow. It was so slow that a simple google search took a while to load up.

Here, a short back story. I was talking to Verizon rep to break my DHCP lease because my SRX was not receiving a public IP from Verizon. I was keeping an eye to debugs why my SRX was not receiving public IP then eventually it did received a public IP. I could not remember what was the problem with DHCP, though. When I thought I fixed the problem, another one just showed up. My Internet was really slow. Did some troubleshooting, checked my configs, reset to default, etc, but at the end of the day everything seems to be normal.

Eventually, I called Verizon again, and they said that everything seems to be fine on their end. At this point, I was lost. Instead of wasting time troubleshooting this, I reconfigured my ASA5505, and replaced my SRX100 with ASA5505. The ASA5505 didn’t have the slow speed like the SRX100. I thought to myself that my SRX100 must be faulty.

Now, back to present time. I still have my SRX and I still want to use it. I powered it on last night and plugged it in to my ASA5505. After a year, I haven’t given up with my SRX100, and probably never will. I like this firewall.

I woke up this morning with enough sleep, and motivated to fixed this firewall’s slow performance. And guess what, I found that I have an existing¬†security flow traceoptions¬†in the config.

karlo@BFWSRX# show | display set | match trace 
set security flow traceoptions file DEBUG-ALL
set security flow traceoptions file size 1m
set security flow traceoptions flag all

I deleted the config

karlo@BFWSRX# show | compare 
[edit security]
- flow {
- traceoptions {
- file DEBUG-ALL size 1m;
- flag all;
- }
- tcp-session {
- no-sequence-check;
- }
- }

Then run the speed test again. Voila!!! The performance is back to normal again. So folks do not forget to delete your traceoptions after you troubleshoot your network/firewall issues.



About networkshinobi

My name is Karlo, I work as a Network Engineer. A little about myself. I started as a PC gamer back when I was in high school. PC gaming became my addiction and pushed me to learn more about computers. Slowly got my some certifications and landed an IT Tier 1 Helpdesk job. This job opened the door for me to work to push further on my certifications and going deeper into the IT world. My goal was to get my Cisco CCIE Routing and Switching, but my journey for CCIE has changed due to I always ended up working on non-Cisco network appliances. Therefore, I have to pivot and decided to jump to the dark side and go with Juniper. Hopefully, I would get my JNCIE in the near future. All the entries/post I made are based on my views, opinion and for educational purposes only. If you see some mistakes, feel free to drop some comments. I would appreciate all the helpful comments. Thanks
This entry was posted in Firewall, Juniper, Misc., troubleshoot and tagged , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s