Session End Reason Unknown and Aged out for SSH traffic passing through IPS

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Session End Reason Unknown and Aged out for SSH traffic passing through IPS

L0 Member

Issue is:

SSH establishes fine but once new attempt of a connection is made it cannot establish new connection. This disrupts the workflow of a automated application that sends files over SFTP throughout the day with the random disconnects.  Packet captures on client/server do not show anything compelling but I do see TCP retransmits during the client side but the Server does not see them.  My guess is the IPS is dropping the traffic but do not see any evidence quite yet.  Not sure why it drop it as that traffic is allowed. 


Session end Reason shows Unknown, Aged out, TCP fin.  


Traffic flow is client ssh/sftp ->  IPS -> Server


L0 Member

By the end of this chapter, you should be a pro at not only configuring security policies,They are visible in Junos 12.1 and newer, so if you are running an older Match intrazone policies: Evaluate the initial packet in an unknown session to us to define the origin and destination of the traffic passing through the SRX.




  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!