Press "Enter" to skip to content

Posts published in “Juniper”

Juniper Space Security Director Policy Hit Counts Not Updated Automatically

0

Issue Symptons: Normally, each firewall rule on the SRX auto-updates a snmp counter for hit-count, regardless of whether ‘count’ is configured or not.  Juniper Space Security Director periodically polls these OIDs and updates the hit-count.    In Junper Space 16.1 R1, the issue found is unable to view policy hit counts from Juniper Space Security Director, but SRX itself is keep updating.  Actions Taken: Verify Security Appliance Policy Hits from Command line root@fw-mgmt-2> show security policies hit-count node1: -------------------------------------------------------------------------- Logical…

Juniper Space License Issue on Citrix Xen Environment

0

Based on Juniper “Junos Space Virtual Appliance Installation and Configuration Guide” , JunOS Space “ must deploy the virtual appliance on a VMware ESX, VMWare ESXi or KVM server, which provides a CPU, hard disk, RAM, and a network controller, but requires installation of an operating system and applications to become fully functional.” In my test environment, one JunOS Space has been installed on Citrix Xen environment and it is working fine until we tried to import a license. The license…

Add Juniper SRX Cluster into JunOS Space 16.1 Security Director

1

My old post “Import Existing Juniper SRX Cluster into JunOS Space Security Director” was created based on Space 14.1 and SRX11.x version. Now both have been upgraded. Space NMP and Security Director have been upgrade to 16.1 (Post is here). SRX240H has been upgrade to 12.1D46.55. Basically, all steps are similar except the web interface is different. What you need to do is to configure your SRX cluster with a master-only ip on both nodes. The configuration should looks like…

Juniper JUNOS Commands (Tips and Tricks)

1

Juniper Networks has a Day one book for ‘JunOS Tips, Techniques, and Templates 2011’ in Junos Fundamentals Series. To record some my own tips, I put them together in this post. Let me know if you have some more to share. 1.  Find big size files  find . -type f -size +10000 -exec ls -lh {} ;  root@FW% find . -type f -size +10000 -exec ls -lh {} ;-rw-r–r–  1 930  929   134M Jan  5 17:34 ./cf/packages/junos-11.4R6.6-domestic-rw-r–r–  1 root…

JunOS Space Network Management Platform Basic Configuration including Log Collector

0

JunOS Space is in my environment and starting to replace NSM. I have played with in testing lab which recorded in my previous posts: Install JUNOS Space Virtual Appliance at ESXi 5.5 Installation of Junos Space Security Director and Managing Juniper Firewall Juniper vSRX Firewall (Firefly Perimeter) installation in ESXi and Managed by JunOS Space Import Existing Juniper SRX Cluster into JunOS Space Security Director In this post, I will focus on more regarding JunOS Space itself, some basic configuration…

Juniper JunOS Space Upgrade Procedures from 14.1 to 16.1

0

Usually you can easily upgrade an application from the Junos Space user interface. You must download the image file for the new version of the application, navigate to the Applications page (Network Management Platform > Administration > Applications) and select the application that you want to upgrade. From the right-click menu, choose Upgrade Application to upload the image file into Junos Space via HTTP or SCP. But upgrade JunOS Space to latest version 16.1 is different and it is not…

Procedures to Deploy RMA device into Juniper SRX Chassis Cluster

0

Juniper KB mentioned some RMA steps for failed Juniper device replacement. There are some steps not clear enough. I put some more configuration steps in this post for future reference: There are many preparation works before you can add RMA device into your chassis group. Step 1, Upgrade JunOS RemotelyUsually your RMA Device is delivered to the production environment to do replacement. You will have to remotely upgrade JunOS first. login: rootroot> --- JUNOS 10.0R1.8 built 2009-11-03 10:06:39 UTCroot> root>…

Juniper Firewall SRX240H Crashed with Error ‘nearing maxproc limit by uid 0,please see tuning(7) and login.conf(5)’

0

One of Juniper Firewall SRX240H had a serious crash. Manual reboot/shutdown did not work. To reset it, I would have to do a hard reset / power cycle device. It would allow to log in from console, but you wont be able to see any configuration. Here is outputs from this crashed Juniper SRX240H console: {secondary:node0}jonny@fw-1> show interfaces terse Interface Admin Link Proto Local Remotefxp0 up up fxp0.0 up up inet 10.9.1.11/24 fxp1 up up fxp1.0 up up inet 129.16.0.1/2…

Juniper SRX340 HA Configuraiton

0

The SRX340 Services Gateway has a capacity of 3 gigabits per second (Gbps) and is 1 rack unit (U) tall. This services gateway has eight 1 G Ethernet ports, eight 1 G SFP ports, one management port, 4 GB of DRAM memory, 8 GB of flash memory, and four Mini-Physical Interface Module (Mini-PIM) slots. SRX 340 Front Panel SRX 340 Back Panel The connection is a little different from SRX 240 and 1400. Here are some related posts: Configure SRX…

JunOS SRX Cluster Upgrade Failed

1

For SRX1400, SRX3400, SRX3600, SRX5600, and SRX5800 devices, command introduced in Junos OS Release 9.6 and support for reboot as a required parameter added in Junos OS Release 11.2R2. For SRX100, SRX210, SRX220, SRX240, and SRX650 devices, command introduced in Junos OS Release 11.2R2. For SRX5400 devices, the command is introduced in Junos OS Release 12.1X46-D20. Symptoms:  Symptom 1: “tar: Archive contains obsolescent base-64 headers” root@fw-1> request system software add no-copy /var/tmp/junos-srxsme-12.1X44-D40.2-domestic.tgz no-validate Formatting alternate root (/dev/da0s2a).../dev/da0s2a: 627.4MB (1284940 sectors)…