Configuring Service-Offload on the Juniper SRX

Service Offload Configuration Commands

1. First configure the FPC/PIC (I believe on the SRX1400 if the NP-IOC is in slot 2 it would be FPC2 PIC0 but you can confirm)

2. Then setup a policy from zone x to zone y to allow whatever addressing/protocol and permit services-offload feature for that traffic

3. Then confirm your config
>show configuration chasssis
>show configuration security policies from-zone x to-zone y policy services-offload (etc… depending on what zones and policy is named)

Monitoring Services Offload (On NP-IOC), show commands, etc…

1. To determine if hardware knows it is configured for service offload
>show chassis fpc pic status node0 (this should show the fpc/pic with service offload out to the side to confirm the hardware is ready)

2. Once traffic is flowing through the firewall you can look at the traffic flow by…
>show security flow session services-offload
>show security flow session services-offload <brief> <extensive> <summary>×46/topics/reference/command-summary/show-security-flow-session-fast-forward.html
>Then any other security show comands we did in the seminar training, like show security policies hit-count, etc…
>Note: There is no easy way to prove the exact latency without a test set or some other test stream that I am aware of…

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial