I think I had the same issue as you. My problem was that after the upgrade from version 21.2 to 22.4 I could not use the Juniper as an SSH jump host:
ssh -J 10.122.13.3 192.168.1.105
It was not working from any OS, PuTTY, etc.
The info was:
channel 0: open failed: administratively prohibited: open failed
stdio forwarding failed
kex_exchange_identification: Connection closed by remote host
From the Juniper SRX messages the info was:
Oct 11 16:31:17 POLORO35-36 sshd[90372]: Accepted publickey for andrzhor from 10.122.16.235 port 7007 ssh2: RSA SHA256:wMg/ASbtYCv1x4YfIWy9k85RfDvVDIjLl7gpVnP9uM5
Oct 11 16:31:17 POLORO35-36 sshd[90377]: refused local port forward: originator 127.0.0.1 port 65535, target 192.168.1.89 port 22
After a ticket with Juniper support (which didn't solve it), I googled some info about FreeBSD issues in that area, and there was some info that in FreeBSD version 13.3 the sshd_conf file gets new settings, and one of them is AllowTcpForwarding no.
Because of that the Juniper does not want to pass through TCP port 22 and kills your session.
The fix for that was to find sshd_conf and change the value. In Junos it's in a different place than in regular FreeBSD; it is in:
/var/etc/sshd_conf
I logged in to the shell as root, made a copy of the file just in case, and opened the original file in vi. As a matter of fact, this option was set to no after the upgrade (no idea what was there in version 21.2). I changed it to the Yes value, saved it, and it worked like a charm; I was able to ssh over the Juniper to other systems behind it. "AllowTcpForwarding Yes"
The issue is related to the upgrade to the new FreeBSD version, so I think it's occurring for EVERYONE who upgrades to this version or a similar version (no idea if version 23 or 24 has this problem, or some version before like 22.1).
Try it, maybe it will fix it for you too.
------------------------------
LUKASZ CZARSKI
------------------------------
Original Message:
Sent: 03-29-2024 11:07
From: bkamen
Subject: JunOS 22.4.R3.25 won't pass traffic between two GE ports on same VLAN
Using the exact same config, I'm testing 22.4R3.25 on an SRX300 -- and traffic between a host on port 0/5 and a host on port 0/1 (simple setup on desk) won't pass traffic between hosts (ping - or anything else) - but when I do nothing but switch JunOS down to 22.4R2.8 -- the traffic passes as expected.
I can't find anything on this problem and 22.4R3.25 is new and supposed to fix the nasty CVE on JunOS from last year.
Can anyone else confirm this problem? (with maybe a fix?)
Thanks,
-Ben
------------------------------
Ben Kamen
------------------------------
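The reply above ties the "refused local port forward" log entry to the AllowTcpForwarding value in the sshd configuration file. The following is an added example, not part of the thread and not Juniper's code, that checks both pieces together; the function names are hypothetical and the sample config and log text are constructed.

```python
import re

# Constructed sample inputs (not from a real device); RFC 5737 addresses.
SAMPLE_CONF = """\
Port 22
allowtcpforwarding no
AllowTcpForwarding yes
Match User backup
    AllowTcpForwarding yes
"""
SAMPLE_LOG = """\
Oct 11 16:31:17 fw1 sshd[1001]: Accepted publickey for alice from 192.0.2.10 port 7007 ssh2
Oct 11 16:31:17 fw1 sshd[1002]: refused local port forward: originator 127.0.0.1 port 65535, target 198.51.100.89 port 22
"""

REFUSED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: refused local port forward: "
    r"originator \S+ port \d+, target (?P<target>\S+) port (?P<tport>\d+)")


def global_allow_tcp_forwarding(conf_text):
    # sshd uses the first value read for a keyword; keywords are
    # case-insensitive; lines after "Match" apply only conditionally.
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        if keyword == "allowtcpforwarding" and len(parts) == 2:
            return parts[1].strip('" ').lower()
    return None  # keyword absent: the build's compiled-in default applies


def refused_forwards(log_text):
    # (sshd pid, target host, target port) for each refused forward
    return [(int(m["pid"]), m["target"], int(m["tport"]))
            for m in REFUSED.finditer(log_text)]


def diagnose(conf_text, log_text):
    value = global_allow_tcp_forwarding(conf_text)
    refused = refused_forwards(log_text)
    # "no" and "remote" both deny the local forward that ssh -J opens
    return {"value": value, "refused": refused,
            "config_explains_refusals": bool(refused) and value in ("no", "remote")}
```

The list of refused targets is also worth keeping after the setting is changed, since it shows which internal hosts users actually reach through the jump host.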