Hi to all,
I have a customer who has an SRX345 box.
Sometimes the device freezes and becomes inaccessible via ICMP, web, etc. The device doesn't answer any traffic on any interface and the customer is left without communication. The only way to recover the device is to reboot it. This behavior is random and they apparently don't do anything strange.
I'm looking for some log or file that tells me what happened when the device becomes inaccessible, but I can't find any. Any idea where I could look for an explanation of this? A few weeks ago, the ISP told my customer that they were being attacked. Could a DDoS attack be the root cause of the lockup? If yes, what can I do to mitigate it?
Thanks in advance!!
The best suggestion from my side would be to have somebody log on to the device via the serial console to figure out if the device is actually responding there, and secondly to look at CPU load, interface counters and similar, which could indicate a (D)DoS attack.
Just rebooting it will not provide any data to solve this permanently.