Tuesday, October 31, 2017

Juniper vSRX Flow-based to Packet-based

This posting explains how to change the forwarding mode on Juniper vSRX from flow-based to packet-based for IPv4 traffic.


Juniper vSRX 'show version'
A Juniper vSRX can operate in two different modes: packet mode and flow mode. In flow mode, the vSRX processes all traffic by analyzing the state, or session, of the traffic. This is also called stateful processing. In packet mode, the vSRX processes traffic like a traditional router, on a per-packet basis. This is also known as stateless processing. Security features like IPsec, NAT, UTM, and so on do not work in packet mode. By default, Junos OS on Juniper vSRX devices works in flow mode.

Juniper vSRX, or simply vSRX, is the virtual form of the security platform from Juniper Networks; the appliance form is called Juniper SRX, or SRX.

1. To check the forwarding mode, run 'show security flow status'.


Juniper vSRX flow-based 'show security flow status'

2. To change the Juniper vSRX from flow-based to packet-based, delete the security feature configuration, then change the mode to packet mode using the following command and commit.


change the mode to packet-mode

3. Reboot the vSRX to make the changes effective.


reboot needed to change to packet mode

4. Once the vSRX is up after reboot, check the flow status again. As you can see, the forwarding mode is now packet-based.


Juniper vSRX packet-based
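
Because packet mode disables stateful security features, it is worth checking the forwarding mode automatically in steps 1 and 4. The following is an added example, not part of the original post: a small parser that classifies saved 'show security flow status' output as stateful, stateless, or waiting on a reboot. The sample outputs are constructed and their layout is an assumption, and the function names are hypothetical.

```python
import re

# Constructed samples of 'show security flow status' output (assumed layout,
# not captured from the device used in this post).
SAMPLE_PENDING = """\
  Flow forwarding mode:
    Inet forwarding mode: flow based (reboot needed to change to packet based)
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
"""
SAMPLE_PACKET = """\
  Flow forwarding mode:
    Inet forwarding mode: packet based
    Inet6 forwarding mode: drop
"""

# One line per address family; the section header has no value and is skipped.
LINE_RE = re.compile(
    r"^\s*(?P<family>\w+) forwarding mode:\s*(?P<mode>[a-z]+(?: based)?)"
    r"(?:\s*\(reboot needed to change to (?P<pending>[a-z ]+?)\))?\s*$",
    re.IGNORECASE,
)

def parse_flow_status(text):
    """Return {family: (current_mode, pending_mode_or_None)}."""
    modes = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pending = m["pending"].lower() if m["pending"] else None
            modes[m["family"].lower()] = (m["mode"].lower(), pending)
    return modes

def audit(text, family="inet"):
    """Classify one address family for a configuration audit."""
    modes = parse_flow_status(text)
    if family not in modes:
        return "unknown"
    mode, pending = modes[family]
    if pending:
        # Committed but not yet active: the mode changes at the next reboot.
        return f"{mode}, reboot pending -> {pending}"
    if mode == "packet based":
        return "stateless"  # IPsec, NAT, UTM and similar do not work here
    return "stateful" if mode == "flow based" else mode

if __name__ == "__main__":
    for sample in (SAMPLE_PENDING, SAMPLE_PACKET):
        print(audit(sample))
```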