Thanks Nellikka...Now it is clear....Really appreciated....
Re: no-syn-check
Re: upgrade
Thanks reply....
With the command show system snapshot media internal, we can see when a snapshot has been taken, but it doesn't say when a new version has been installed. Snapshot and upgrade should be different things, shouldn't they?
What I want is a CLI command to see the old/previous version of Junos, when the update was done, and who did it.
Re: upgrade
One way to check the release history is to check the inventory file as shown below
show log inventory | match release
Dec 14 16:43:28 CHASSISD release 16.1R3-S1.3 built by builder on 2016-12-14 21:09:49 UTC
Dec 7 04:45:35 CHASSISD release 18.4R1.2 built by builder on 2018-11-24 09:54:56 UTC
To check who did the software upgrade or downgrade, you need to check the interactive-logs history.
Regards,
Jibu
Re: upgrade
Hi,
Here is another way to check the current and previous version, in case log files have got overwritten and software backup has been deleted.
root@srx% ls -l /var/sw/pkg/
total 1381636
-rw-r--r-- 1 root wheel 707195118 Jul 14 15:19 junos-srxmr-15.1X49-D130.6-domestic-signed.tgz << current version
-rw-r--r-- 1 root wheel 40 Jul 14 15:16 rollback
root@srx% cat /var/sw/pkg/rollback
JUNOS Software Release [15.1X49-D140.3] << rollback version
To check who did the upgrade we would need to rely on the interactive logs or external syslog provided they go that far back.
show log interactive | match "request system software"
show log interactive.0.gz | match "request system software"
and so on...
Regards,
Vikas
SRX 340 CONSOLE PORT
Hi all,
On the SRX340 front panel, there are two console ports, i.e. Serial Port (Ethernet) + Mini USB.
I would like to disable the Mini USB without disabling the Serial Port.
Is it possible?
Kindly share the command to do so.
I only managed to find the command to disable CONSOLE, instead of disabling each CONSOLE port separately.
Thank you.
Traffic bypass when the link comes down and PBR
Hi to all,
I have a customer who has an SRX345. They have configured a routing instance to split the outbound traffic to the internet via two links. The IT support users are using a policy-based route to browse the internet via the first link, so the rest of the users browse via the second link.
This is working properly without issues, but if the first link comes down, the IT support users cannot reach the internet. Is there any way to bypass this PBR?? I have tried to configure a qualified-next-hop in the routing-instance but it is not working... Any idea??
They have configured an RPM probe to monitor the second link. When the second link comes down, the traffic goes via the first link. If I configure an RPM probe to monitor the first link, would the traffic bypass via the second link work fine???
If you need any more info, please tell me.
Thanks in advance!!
Regards,
David.
Re: Traffic bypass when the link comes down and PBR
Failover is possible. Please check the KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB22052&actp=METADATA
How to troubleshoot VPN performance?
We have the following scenario:-
SiteA ---- Hub (1Gb) ---- SiteB
Data transfer rates are tested between sites using iperf, and also Windows file transfer as a secondary check.
SiteA's results are as expected i.e. the upload and download speeds track the underlying connection. Also, raw internet speed tests are as expected.
SiteB's results are not as expected. The upload is about right, in this instance ~70Mb; however, the download speeds crawl along at 3Mb. Raw internet speed tests are as expected i.e. 90Mb synchronous.
The Hub is a reliable 1Gb connection on a SRX340. There is no rate-limiting.
The sites use SRX320 devices, and the configs are essentially identical.
How can I start to troubleshoot where the issue might lie?
Re: How to troubleshoot VPN performance?
Hope you are testing TCP traffic.
1. Find out MSS value for each site using ping command from the end system and compare whether they are same.
2. Take a packet capture from the Site A and Site B test PCs and compare the captures. Look for MSS value, TCP re-transmission, fragmentation, delay between request and response, etc.
Re: SRX 340 CONSOLE PORT
I don't have an SRX300 series to test, but there is a command to set the console port type when both the USB and RJ45 are on a device.
But it does seem like it might be expecting the reverse of what you want: enabling USB, not RJ45.
Re: SRX 340 CONSOLE PORT
Hi dt1987,
If the above command isn't working on your SRX, try this; however, know that this might disable the generic USB storage port too.
set system processes usb-control disable
Hope this helps.
Regards,
-r.
Re: Site to Site VPN SRX300 to netscreen25 stuck in Phase 2
Hi all..
Really need help! Can anyone advise? - Site to site VPN
Thanks
Zen
Re: multiple time using commit confirm
Hello Arix,
Any command starting with "commit" issued after a "commit confirmed" while the timer has not expired yet, will commit the configuration.
Best example is "commit check".
Thanks!
Re: SRX 340 CONSOLE PORT
You can also look at the following document for securing console port access. This might help you achieve the required purpose without disabling the port.
Re: Shrew VPN Connection issue
Hi adgwytc,
May I know, regarding your previous test between Shrew and SRX1500, is it stable after you changed the idle timeout? I'm looking for free VPN client software such as Shrew.
Thanks and appreciate anyone feedback
replay errors
Hi all,
What is the reason the following log message is being generated in huge numbers? And what troubleshooting should be done, and what solution is there to address it?
RT_IPSEC: RT_IPSEC_REPLAY: Replay packet detected on IPSec tunnel on xe-1/1/2.0 with tunnel ID 0x4000100! From 10.10.10.10 to 150.145.260.18/552, ESP, SPI 0x293be11c, SEQ 0x169af.
Re: replay errors
This could be an attack or the result of network congestion or fragmentation issues. This kb outlines the possible causes and options.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB29580
Re: replay errors
Hi Arix,
The reason you're seeing this log message is due to the Replay attack, where the ESP packet is intercepted, then modified and re-transmitted back.
However, it may not be due to an attack but other factors such as congestion, out-of-order packets, etc.
As spuluka stated, please refer to the KB article for more explanation and let us know if you have further queries.
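The point made in the replies above, that delayed or out-of-order ESP packets can raise RT_IPSEC_REPLAY with no attacker involved, shown with a sliding-window anti-replay check in the style of RFC 4303. This is an added example, not code from the posts or from Junos; the window sizes (64 and 128) and the traffic patterns are constructed assumptions.

```python
# Added illustration: ESP-style anti-replay sliding window (after RFC 4303).
WINDOW = 64  # assumed window size for this illustration


class ReplayWindow:
    def __init__(self, size=WINDOW):
        self.size = size
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set => sequence (top - i) was already seen

    def check(self, seq):
        """Classify one sequence number (ESP numbering starts at 1)."""
        if seq > self.top:                      # advances the window
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return "ok"
        offset = self.top - seq
        if offset >= self.size:                 # fell off the left edge
            return "too_old"
        if (self.bitmap >> offset) & 1:         # same number seen twice
            return "duplicate"
        self.bitmap |= 1 << offset              # late but still inside window
        return "ok"


def classify(arrivals, size=WINDOW):
    """Count how a receiver with the given window treats an arrival order."""
    win = ReplayWindow(size)
    counts = {"ok": 0, "duplicate": 0, "too_old": 0}
    for seq in arrivals:
        counts[win.check(seq)] += 1
    return counts


def late_arrivals(n, every, lag):
    """Constructed traffic: every `every`-th packet arrives `lag` slots late,
    as it might when congestion or queuing holds some packets back."""
    return sorted(range(1, n + 1),
                  key=lambda s: (s + (lag if s % every == 0 else 0), s))


if __name__ == "__main__":
    print("in order        :", classify(list(range(1, 201))))
    print("lag 100, win 64 :", classify(late_arrivals(300, 10, 100), 64))
    print("lag 100, win 128:", classify(late_arrivals(300, 10, 100), 128))
    print("true duplicate  :", classify(list(range(1, 61)) + [50]))
```

Both "too_old" and "duplicate" are dropped by the receiver as replays, so the log message alone cannot tell them apart; a capture that shows whether the same SEQ value appears twice on the wire can.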
Re: upgrade
Hi Arix,
There is a separate log to keep track of Junos installation, it will let you know at what time Junos upgrade was initialized and the type of Junos upgrade that was performed.
user@host> show log install
user@host> show log install.0.gz
Let me know if you've any further queries.
Re: replay errors
From the shell, to get a .pcap on an interface in order to see what happens with ESP packets, can you provide the tcpdump command with its more useful arguments?
I tried the following but it didn't work:
tcpdump -in xe-1/1/1 -s 5000 -w /var/tmp/capture.pcap -c 1000
BIOCSETIF: n: Device not configured