What is the equivalent of Cisco's 'ip virtual-reassembly' for a Juniper ISG 2000

udp cisco juniper fragmentation

I tested my dns servers with the oarc test and my size limit is at least 1403 bytes. I performed the same test before my Juniper ISG 2000 and the result is 2047 bytes.

According to the chapter IP "Fragments Filtered" and this article, I think I have a fragmentation problem.

This article talks about ip virtual-reassembly for cisco but I can't find the equivalent for Juniper.

I prefer to find the good option in JunOS before I talk about this with my net admin :-)

Thanks


Solution 1:

The ISG-2000 is actually a stateful firewall with several other features and options (VPN, IPS, etc.). It runs not JunOS but ScreenOS, as it's a NetScreen firewall.

Assuming you're running ScreenOS 6.2.0 or newer, you should be able to enable IP packet reassembly as follows:

set flow force-ip-reassembly

Related

Dynamic subdomain routing
Active Directory and Apple's Workgroup Manager
Ampersand at the beginning of a line in csh
can't get php mail() working on Ubuntu desktop version with sendmail and postfix
What do you have on your PXE server? [closed]
Simple positioning problem for child element
PostgreSQL failover cluster on Windows Server
Dumping a Linux console scrollback buffer?
Generating/managing config files for hosted application
Windows Server 2008 keeps changing time by itself
Ninety-Fifth Percentile Calculation for Bandwidth
sudoer scheme to allow useful access to another web developer yet retain future control of a virtual server?