SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX340 - No Auth - although Firewall seems to still be running.

    Posted 06-01-2023 17:44
    Edited by Jodi Meier 06-01-2023 17:44

    UPDATE - It looks like the unit was having an issue with a failing internal FLASH storage. It finally bit the dust last week.
    Looks like this is a Juniper-acknowledged problem with older SRX300 series with an earlier revision eUSB storage module.

    discussed here: Significant SRX reliability problems | SRX



    Twice now in a few weeks, I've had an SRX-340 deny logins (after years of running flawlessly).

    * No Dynamic VPN users.
    * No Web login to Admin interface.
    * No SSH
    * No Serial Console Logins

    EDIT: Previous instance:

    * Traffic still passes normally.
    * Nailed VPN Tunnels work normally (I have a static Policy based VPN tunnel from my home office to office location and can see all hosts behind firewall as normal)

    Instance from this morning: (might be a different problem)

    * No traffic passing.
    * STAT LED was Amber (a non-listed state in online docs for SRX series)
    * Local user pressed power, LEDs went off. Pressed power 2nd time, unit booted normally.

    Just rebooted this morning... after 3hrs and already the local console and SSH logins fail authentication even though the web interface is still working. Unit is running (don't laugh) 15.1x49-D170.4.

    (Client has been burned on upgrades like the jump from 12 to 15)

    Has anyone else run into this problem?

    Thanks,

     -Ben



  • 2.  RE: SRX340 - No Auth - although Firewall seems to still be running.

    Posted 02-07-2023 03:08
    Hello, how are you trying to connect to the device? Mgmt OOB port, loopback or interface?
    15.1x49 is too old an image. The best way is to upgrade to the JTAC-recommended Junos 21.2R3-S3.


    ------------------------------
    andrii furdyha
    ------------------------------



  • 3.  RE: SRX340 - No Auth - although Firewall seems to still be running.

    Posted 02-09-2023 03:20
    Edited by Jodi Meier 06-01-2023 17:44

    Thanks for the reply.

    As mentioned above,

    I can get a serial console prompt (using VNC to a host via PuTTY behind firewall over my nailed up VPN tunnel) -- but logins fail.
    I can get an SSH login prompt (via VPN tunnel to trusted VLAN or via VNC to host on trusted VLAN over VPN) -- but logins fail. 
    Dialup (Dynamic) VPN logins fail.


    Nailed up VPN tunnels still operate as normal.
    Traffic passes as normal.

    It's like the Auth engine is down -- a simple reboot fixes this. 

    Of course saying, "just upgrade" is easy -- until one gets burned by a jump to a new version (like what happened between 12 and 15) and this warns the owner that upgrades could be a painful process with downtime. 

    So that aside, has anyone seen the problem of logins failing even though the unit is still running but just denying authorizations?



    ------------------------------
    Ben Kamen
    ------------------------------