Channel: All SRX Services Gateway posts

Re: no-syn-check


Thanks Nellikka...Now it is clear....Really appreciated....


Re: upgrade


Thanks for the reply....

With the command show system snapshot media internal, we can see when the snapshot was taken, but it doesn't say when the new version was installed. Snapshot and upgrade should be different things, shouldn't they?

What I want is a CLI command to see the old/previous version of Junos, when the update was done, and who did it.

 

Re: upgrade

Hi Arix,

One way to check the release history is to check the inventory file as shown below


show log inventory | match release
Dec 14 16:43:28 CHASSISD release 16.1R3-S1.3 built by builder on 2016-12-14 21:09:49 UTC
Dec 7 04:45:35 CHASSISD release 18.4R1.2 built by builder on 2018-11-24 09:54:56 UTC

To check who did the software upgrade or downgrade, you need to check the interactive-logs history.

Regards,
Jibu

Re: upgrade


Hi,

 

Here is another way to check the current and previous version, in case log files have got overwritten and software backup has been deleted.

 

root@srx% ls -l /var/sw/pkg/
total 1381636
-rw-r--r--  1 root  wheel  707195118 Jul 14 15:19 junos-srxmr-15.1X49-D130.6-domestic-signed.tgz   << current version
-rw-r--r--  1 root  wheel         40 Jul 14 15:16 rollback

 

root@srx% cat /var/sw/pkg/rollback 
JUNOS Software Release [15.1X49-D140.3]   << rollback version

 

To check who did the upgrade we would need to rely on the interactive logs or external syslog provided they go that far back.

show log interactive | match "request system software"
show log interactive.0.gz | match "request system software"
and so on...

 

Regards,

 

Vikas
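
The two checks described in this thread (release history from the inventory log, and "request system software" commands from the interactive log) can be combined offline on exported log text. This is an added example, not code from the thread or from Juniper; the UI_CMDLINE_READ_LINE line layout, the host and user names and the package path are assumptions, and all sample lines are constructed.

```python
import re

# Constructed sample input. The CHASSISD lines reuse the format quoted in the
# thread; the UI_CMDLINE_READ_LINE layout, host and user names are assumptions.
INVENTORY_LOG = """\
Dec 14 16:43:28 CHASSISD release 16.1R3-S1.3 built by builder on 2016-12-14 21:09:49 UTC
Dec 7 04:45:35 CHASSISD release 18.4R1.2 built by builder on 2018-11-24 09:54:56 UTC
"""
INTERACTIVE_LOG = """\
Dec  7 04:01:10 srx mgd[4321]: UI_CMDLINE_READ_LINE: User 'netops1', command 'show version '
Dec  7 04:12:55 srx mgd[4321]: UI_CMDLINE_READ_LINE: User 'netops1', command 'request system software add /var/tmp/example.tgz no-copy '
Dec  7 04:40:02 srx mgd[4388]: UI_CMDLINE_READ_LINE: User 'oncall2', command 'request system reboot '
"""

STAMP = r"(\w{3}\s+\d+ [\d:]{8})"
RELEASE_RE = re.compile(STAMP + r" CHASSISD release (\S+) built")
CMD_RE = re.compile(STAMP + r" \S+ mgd\[\d+\]: UI_CMDLINE_READ_LINE: "
                    r"User '([^']+)', command '(request system software[^']*)'")


def release_history(text):
    """[(timestamp, release)] in the order chassisd logged them."""
    return [m.groups() for m in map(RELEASE_RE.match, text.splitlines()) if m]


def version_transitions(history):
    """[(old, new, timestamp)] wherever the logged release changes."""
    return [(old, new, ts)
            for (_, old), (ts, new) in zip(history, history[1:]) if old != new]


def software_changes(text):
    """[(timestamp, user, command)] for each 'request system software' command."""
    hits = (CMD_RE.match(line) for line in text.splitlines())
    return [(ts, user, cmd.strip()) for ts, user, cmd in (m.groups() for m in hits if m)]


if __name__ == "__main__":
    for old, new, ts in version_transitions(release_history(INVENTORY_LOG)):
        print(f"{ts}: {old} -> {new}")
    for ts, user, cmd in software_changes(INTERACTIVE_LOG):
        print(f"{ts}: {user} ran: {cmd}")
```

Syslog timestamps in these files carry no year, so the two outputs have to be correlated by month, day and time, and only as far back as the rotated files reach.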

SRX 340 CONSOLE PORT


Hi all,

 

On the SRX340 front panel, there are two console ports, i.e. Serial Port (Ethernet) + Mini USB.

I would like to disable the Mini USB without disabling the Serial Port.

Is it possible?

Kindly share the command to do so.

I only managed to find the command to disable CONSOLE, rather than one to disable each CONSOLE port separately.

 

Thank you.

Traffic bypass when the link comes down and PBR


Hi to all,

I have a customer who has an SRX345. They have configured a routing instance to split the outbound traffic to the internet across two links. The IT support users use a policy-based route to browse the internet via the first link, and the rest of the users browse via the second link.

This is working properly without issues, but if the first link goes down, the IT support users cannot reach the internet. Is there any way to bypass this PBR? I have tried configuring a qualified-next-hop in the routing-instance, but it is not working... Any ideas?

They have configured an RPM probe to monitor the second link. When the second link goes down, the traffic goes via the first link. If I configure an RPM probe to monitor the first link, would the traffic bypass via the second link work fine?

If you need any more information, please tell me.

Thanks in advance!!

Regards,

David.

Re: Traffic bypass when the link comes down and PBR

How to troubleshoot VPN performance?


We have the following scenario:-

 

SiteA ---- Hub (1Gb) ---- SiteB

 

Data transfer rates are tested between sites using iperf, and also Windows file transfer as a secondary check.

 

SiteA's results are as expected i.e. the upload and download speeds track the underlying connection. Also, raw internet speed tests are as expected.

 

SiteB's results are not as expected. The upload is about right, in this instance ~70Mb; however, the download speeds crawl along at 3Mb. Raw internet speed tests are as expected i.e. 90Mb synchronous.

 

The Hub is a reliable 1Gb connection on a SRX340. There is no rate-limiting.

The sites use SRX320 devices, and the configs are essentially identical. 

 

How can I start to troubleshoot where the issue might lie?


Re: How to troubleshoot VPN performance?


Hope you are testing TCP traffic.

1. Find out the MSS value for each site using the ping command from the end system and compare whether they are the same.

2. Take a packet capture from the Site A and Site B test PCs and compare the captures. Look for the MSS value, TCP re-transmission, fragmentation, delay between request and response, etc.

 

 

 

Re: SRX 340 CONSOLE PORT

Re: SRX 340 CONSOLE PORT

Re: Site to Site VPN SRX300 to netscreen25 stuck in Phase 2


Hi all..

 

Really need help! Can anyone advise? Site-to-site VPN

 

Thanks

Zen

Re: multiple time using commit confirm


Hello Arix,

 

Any command starting with "commit" issued after a "commit confirmed" while the timer has not expired yet, will commit the configuration.

 

The best example is "commit check".

 

Thanks!

Re: SRX 340 CONSOLE PORT

Re: Shrew VPN Connection issue


Hi ,

 

May I ask, regarding your previous test between Shrew and the SRX1500, is it stable after you changed the idle timeout? I'm looking for free VPN client software such as Shrew.

Thanks, and I appreciate anyone's feedback

 


replay errors


Hi all,

What is the reason the following message log is being generated in huge volume? And what troubleshooting should be done, and what is the solution to address it?

RT_IPSEC: RT_IPSEC_REPLAY: Replay packet detected on IPSec tunnel on xe-1/1/2.0 with tunnel ID 0x4000100! From 10.10.10.10 to 150.145.260.18/552, ESP, SPI 0x293be11c, SEQ 0x169af.

Re: replay errors

Re: replay errors


Hi Arix,

 

The reason you're seeing this log message is due to a replay attack, where the ESP packet is intercepted, then modified and re-transmitted back.

 

However, it may not be due to an attack but other factors such as congestion, out-of-order packets, etc.

 

As spuluka stated, please refer to the KB article for more explanation and let us know if you have further queries.
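
Why congestion or out-of-order delivery trips the same check as a real duplicate can be seen in a small model of the ESP anti-replay sliding window, written in the style of RFC 4303. This is an added example, not code from the thread, the KB article or Junos; the 64-packet window size and all sequence numbers are constructed, and a real receiver would also verify the packet's integrity before updating the window.

```python
WINDOW_SIZE = 64  # assumed window size for illustration


class AntiReplayWindow:
    """Receiver-side anti-replay state for one inbound SA (one SPI)."""

    def __init__(self, size=WINDOW_SIZE):
        self.size = size
        self.highest = 0   # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence (highest - i) already seen

    def check_and_update(self, seq):
        """Return 'accept', 'replay' (duplicate) or 'too_old' (left of window)."""
        if seq == 0:
            return "too_old"                 # ESP sequence numbers start at 1
        if seq > self.highest:               # right of window: slide forward
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return "accept"
        offset = self.highest - seq
        if offset >= self.size:              # arrived too late to be tracked
            return "too_old"
        if self.bitmap & (1 << offset):      # already seen: genuine duplicate
            return "replay"
        self.bitmap |= 1 << offset           # late but inside the window
        return "accept"


def classify(arrivals, size=WINDOW_SIZE):
    """Run a list of sequence numbers, in arrival order, through one window."""
    window = AntiReplayWindow(size)
    return [(seq, window.check_and_update(seq)) for seq in arrivals]


# Constructed arrival orders.
DELAYED = [1, 2, 3] + list(range(5, 80)) + [4]   # packet 4 held back 75 packets
DUPLICATED = [1, 2, 3, 2]                        # packet 2 seen twice
SLIGHTLY_LATE = [1, 2, 4, 3]                     # mild reordering

if __name__ == "__main__":
    for name, seqs in [("delayed", DELAYED), ("duplicated", DUPLICATED),
                       ("slightly late", SLIGHTLY_LATE)]:
        print(name, classify(seqs)[-1])
```

The receiver drops both the `replay` and the `too_old` case; the model separates them only to show that a packet delayed past the window is rejected without ever having been seen before.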

Re: upgrade


Hi Arix,

 

There is a separate log to keep track of Junos installation, it will let you know at what time Junos upgrade was initialized and the type of Junos upgrade that was performed. 

 

user@host> show log install

user@host> show log install.0.gz

 

Let me know if you've any further queries.

Re: replay errors


From the shell, to get a .pcap on an interface in order to see what happens to the ESP packets, can you provide a tcpdump command with its more useful arguments?

I tried the following but it didn't work:

tcpdump -in xe-1/1/1 -s 5000 -w /var/tmp/capture.pcap -c 1000
BIOCSETIF: n: Device not configured
