Good day,

we use an SSH filter for incomming connection to remotly administrator firewalls.

this means we have an list of ip adresses (permited_ssh_hosts) that may connect to the external SSH port.

the firewall rule:

firewall {
    family inet {
        filter protect_ssh_engine {
            term permit_ssh_from_permited_hosts {
                from {
                    source-prefix-list {
                        permited_ssh_hosts;
                    }
                    protocol tcp;
                    port ssh;
                }
                then accept;
            }
            term discard_ssh_from_all_other_hosts {
                from {
                    protocol tcp;
                    port ssh;
                }
                then {
                    discard;
                }
            }
            term permit_all_other_traffice {
                then accept;
            }
        }
    }
}

However this also limits the external SSH connections (from trust to untrust)

i see some solutions where we need to add the external ip adres to the filter rules.

However a large portion of the firewalls do no have a static ip. they use a dynamic provided ip.

is there a solution to allow all outgoing traffic and still use an ip filter in incomming ssh?

Apply the filter to your loopback interface lo0. Even if there is no address and/or the address is not the management IP it will still filter traffic destined for the RE.

https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-stateless-example-trusted-source-block-telnet-and-ssh-access.html  

Wouw that was easy. 

we always applied the filter to the untrust interfaces.

thanks for making our life a litle bit easier today.

Greetings,

We have a brand new SRX345 that was passed on from another department, that had some configs on it, but never used in production, the previous sysadmin left the company and now I'm trying to factory reset it...

So I do the standard 15 second config reset to go back to factory defaults, but I can't access the MGMT port using 192.168.1.1, nor can I access 192.168.2.1 (configuring my workstation with the appropriate static IPs and subnets.)  So, I decide to console into it, get my console up and running, can see the boot loader running,  etc, but when I get to the login prompt and type root, nothing happens... I expect it to drop down to the cli but nothing, so I reboot, and try to get it via safe mode, but I can't because it doesn't respond to the space bar and bring up the command prompt before boot... the console isn't taking in any input so it seems.  So I look up the settings in the terminal emulator (using Termite, nothing, so I download a trial of Hyperterm, still no inputs.) So I try my laptop that I use to console into my EX switches when need be, but same thing. 

Am I missing something here?  Or does this thing need an RMA?

 Try replacing the CMOS battery on the motherboard - a standard CR2032 coin cell. Worked for me with my SRX210.

Hello , 

Its possible that when you factory reset the configuration , the root permission did not take effect . Because if the device is running 17.1 or above its explicitly denied . So I suggest to try installing 15.1X49 image using loader upgrade : 

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/install-software-on-srx.html#id-installing-junos-os-on-srx-series-devices-from-the-boot-loader-using-a-usb-storage-device

Try this , if this works , you can later upgrade the device to latest code . Does not seems to be HW issue as we are getting login prompt in console . 

Hi,  All my SRX work on 19.3R2 or 20.1R1-S1, and i cant find DH group21

Hi dmisan, 

Greetings,

It supports most SRX platforms, Just wanted to know what platform do you have in the SRX ?

Only the below seem to support this dh group 21:

Platform   Supported ReleaseSRX300     Junos OS 19.1R1
SRX320     Junos OS 19.1R1
SRX340     Junos OS 19.1R1
SRX345     Junos OS 19.1R1
SRX380     Junos OS 20.1R1
SRX550 HM  Junos OS 19.1R1
SRX1500    Junos OS 19.1R1
SRX4100    Junos OS 19.1R1
SRX4200    Junos OS 19.1R1
SRX4600    Junos OS 19.1R1
SRX5400    Junos OS 19.1R1
SRX5600    Junos OS 19.1R1
SRX5800    Junos OS 19.1R1

Ohhww, it is strange why 21 groups were left only in 19.1R1. As far as I understand in future versions 20.1-20.4 dh group 21 will not be available?

Hi dmisan, 

Yes, so those are the initial releases from which the support is available.

So if it's in 19.1R1 it would be supported in all the further releases. May I know which  version of junos and what device platform on SRX are you referring to here ?

If your SRX is listed in the below and if you are running 19.1R1 and above, I don't see a reason why it's not working: 

SRX300 , SRX320 , SRX340 , SRX345 , SRX380 , SRX550 H, SRX1500 , SRX4100 , SRX4200 , SRX4600 , SRX5400 , SRX5600 , SRX5800

Requested you to please raise a JTAC case if it's not supported as per the documentation shared earlier.

Hope this helps. 

Please mark "Accept as solution" if this answers your query.  Kudos are appreciated too! 

Regards, 

Sharat Ainapur

I refer to versions 19.3 and 20.1-20.4
Since I see that for the new SRX380, dh group 21 is available in version 20.1, and as I understand it, it is logical to assume that for the remaining SRX dh group21 will be available in future releases of 20 firmware.

Hello dmisan

Yes, you are totally right, For the SRX380 the support is to be provided starting Junos OS 20.1R1 and the future releases as shared earlier. If my answer solved your query please mark it as "Accept as solution". 

Kudos are appreciated too! 

Regards, 

Sharat Ainapur

Thanks, Sam.

The OS is 15.1X49-D140.2

I don't know, maybe it's the console cable...  really stumped here.  It has a dual power supply, but only one is plugged in, could that be causing trouble for some strange reason?

Dang... it was the console cable...  OK, problem solved.

Greetings,

Working with an inherited SRX345 (v. 18.4R3-S2) from previous sysadmin.

Strange thing is, when I commit, it takes almost 90 seconds to commit.

I did a commit | display detail and I'm seeing it run the whole gamut of checks, when it should just be doing relevant checks.

e.g.

2020-07-01 05:36:43 MST: daemons checking new configuration
2020-07-01 05:36:43 MST: Spawning Init daemon to check new configuration
2020-07-01 05:36:43 MST: Spawning Routing protocols process to check new configuration
2020-07-01 05:36:43 MST: Spawning Chassis control process to check new configuration
2020-07-01 05:36:43 MST: Spawning Booting daemon to check new configuration
2020-07-01 05:36:43 MST: Collecting status of Init daemon
2020-07-01 05:36:44 MST: Spawning IPSec Key Management daemon to check new configuration
2020-07-01 05:36:44 MST: Collecting status of Booting daemon
2020-07-01 05:36:44 MST: Spawning PKI service daemon to check new configuration
2020-07-01 05:36:46 MST: Collecting status of IPSec Key Management daemon
2020-07-01 05:36:46 MST: Spawning Secure Neighbor Discovery Protocol process to check new configuration
2020-07-01 05:36:47 MST: Collecting status of PKI service daemon
2020-07-01 05:36:47 MST: sending commit-check command to Firewall process(2054)
2020-07-01 05:36:47 MST: Collecting status of Firewall process
2020-07-01 05:36:47 MST: sending commit-check command to Interface control process(2040)
2020-07-01 05:36:47 MST: Collecting status of Interface control process
2020-07-01 05:36:47 MST: Spawning Simple Network Management Protocol process to check new configuration
2020-07-01 05:36:48 MST: Collecting status of Secure Neighbor Discovery Protocol process

And so on...

Is there some system setting that needs to be changed so that commits are performed much more quickly?

HI A.Vanson,

Can you share the full output from the commit| display detail?
If you do an empty commit do you still face the issue?

set the Syslog file messages to any any if possible and check the logs

>show log messages |grep mgd ( check after every commit for more hints)

Do you have any scripts? or templates ?

> show configuration system scripts

If yes deactivate them and check

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

Thanks for your response,

There are no scripts.

I set the log to any any, but is the "show log messages" log?

Here's the full output. 

root@Vilton# commit | display detail
2020-07-01 05:36:39 MST: Obtaining lock for commit
2020-07-01 05:36:39 MST: updating commit revision
2020-07-01 05:36:39 MST: UI extensions feature is not configured
2020-07-01 05:36:39 MST: Started running translation script
2020-07-01 05:36:39 MST: Finished running translation script
2020-07-01 05:36:39 MST: start loading commit script changes
2020-07-01 05:36:39 MST: no commit script changes
2020-07-01 05:36:39 MST: no transient commit script changes
2020-07-01 05:36:39 MST: finished loading commit script changes
2020-07-01 05:36:39 MST: No translation output from the scripts
2020-07-01 05:36:39 MST: copying juniper.db to juniper.data+
2020-07-01 05:36:39 MST: finished copying juniper.db to juniper.data+
2020-07-01 05:36:39 MST: exporting juniper.conf
2020-07-01 05:36:39 MST: expanding interface-ranges
2020-07-01 05:36:39 MST: finished expanding interface-ranges
2020-07-01 05:36:39 MST: expanding groups
2020-07-01 05:36:39 MST: finished expanding groups
2020-07-01 05:36:39 MST: setup foreign files
2020-07-01 05:36:39 MST: update license counters
2020-07-01 05:36:39 MST: finish license counters
2020-07-01 05:36:39 MST: propagating foreign files
2020-07-01 05:36:40 MST: cdg returns = 7(persist groups is not configured (needed for cdg))
2020-07-01 05:36:40 MST: complete foreign files
2020-07-01 05:36:40 MST: dropping unchanged foreign files
2020-07-01 05:36:41 MST: executing 'ffp propagate'
2020-07-01 05:36:43 MST: daemons checking new configuration
2020-07-01 05:36:43 MST: Spawning Init daemon to check new configuration
2020-07-01 05:36:43 MST: Spawning Routing protocols process to check new configuration
2020-07-01 05:36:43 MST: Spawning Chassis control process to check new configuration
2020-07-01 05:36:43 MST: Spawning Booting daemon to check new configuration
2020-07-01 05:36:43 MST: Collecting status of Init daemon
2020-07-01 05:36:44 MST: Spawning IPSec Key Management daemon to check new configuration
2020-07-01 05:36:44 MST: Collecting status of Booting daemon
2020-07-01 05:36:44 MST: Spawning PKI service daemon to check new configuration
2020-07-01 05:36:46 MST: Collecting status of IPSec Key Management daemon
2020-07-01 05:36:46 MST: Spawning Secure Neighbor Discovery Protocol process to check new configuration
2020-07-01 05:36:47 MST: Collecting status of PKI service daemon
2020-07-01 05:36:47 MST: sending commit-check command to Firewall process(2054)
2020-07-01 05:36:47 MST: Collecting status of Firewall process
2020-07-01 05:36:47 MST: sending commit-check command to Interface control process(2040)
2020-07-01 05:36:47 MST: Collecting status of Interface control process
2020-07-01 05:36:47 MST: Spawning Simple Network Management Protocol process to check new configuration
2020-07-01 05:36:48 MST: Collecting status of Secure Neighbor Discovery Protocol process
2020-07-01 05:36:48 MST: Spawning Management Information Base II process to check new configuration
2020-07-01 05:36:49 MST: Collecting status of Simple Network Management Protocol process
2020-07-01 05:36:49 MST: Spawning Alarm control process to check new configuration
2020-07-01 05:36:51 MST: Collecting status of Alarm control process
2020-07-01 05:36:51 MST: Spawning Packet Forwarding Engine statistics management process to check new configuration
2020-07-01 05:36:52 MST: Collecting status of Routing protocols process
2020-07-01 05:36:52 MST: Spawning Traffic sampling control process to check new configuration
2020-07-01 05:36:53 MST: Collecting status of Management Information Base II process
2020-07-01 05:36:53 MST: Spawning Sampling route record process to check new configuration
2020-07-01 05:36:54 MST: Collecting status of Traffic sampling control process
2020-07-01 05:36:54 MST: Spawning Remote operations process to check new configuration
2020-07-01 05:36:54 MST: Collecting status of Sampling route record process
2020-07-01 05:36:54 MST: Spawning Class-of-service process to check new configuration
2020-07-01 05:36:55 MST: Collecting status of Packet Forwarding Engine statistics management process
2020-07-01 05:36:55 MST: Spawning Web management gatekeeper process to check new configuration
2020-07-01 05:36:57 MST: Collecting status of Web management gatekeeper process
2020-07-01 05:36:57 MST: Spawning PPP process to check new configuration
2020-07-01 05:36:57 MST: Collecting status of Class-of-service process
2020-07-01 05:36:57 MST: Spawning Dynamic flow capture service to check new configuration
2020-07-01 05:36:58 MST: Collecting status of Remote operations process
2020-07-01 05:36:58 MST: Spawning Ethernet OAM Link-Fault-Management process to check new configuration
2020-07-01 05:36:58 MST: Collecting status of PPP process
2020-07-01 05:36:58 MST: Spawning Tunnel OAM process to check new configuration
2020-07-01 05:36:59 MST: Collecting status of Chassis control process
2020-07-01 05:36:59 MST: Spawning Junos Dynamic Host Configuration Protocol process to check new configuration
2020-07-01 05:37:00 MST: Collecting status of Ethernet OAM Link-Fault-Management process
2020-07-01 05:37:00 MST: Spawning General authentication process to check new configuration
2020-07-01 05:37:00 MST: Collecting status of Tunnel OAM process
2020-07-01 05:37:00 MST: Spawning Legacy (pre 17.2) Database Replication process to check new configuration
2020-07-01 05:37:00 MST: Collecting status of Dynamic flow capture service
2020-07-01 05:37:00 MST: Spawning Application-identification process to check new configuration
2020-07-01 05:37:02 MST: Collecting status of Legacy (pre 17.2) Database Replication process
2020-07-01 05:37:02 MST: Spawning Application security daemon to check new configuration
2020-07-01 05:37:02 MST: Collecting status of Application-identification process
2020-07-01 05:37:02 MST: Spawning IDP policy daemon to check new configuration
2020-07-01 05:37:04 MST: Collecting status of Application security daemon
2020-07-01 05:37:04 MST: Spawning Shared memory routing socket message database process to check new configuration
2020-07-01 05:37:05 MST: Collecting status of Junos Dynamic Host Configuration Protocol process
2020-07-01 05:37:05 MST: Spawning Subscriber management process to check new configuration
2020-07-01 05:37:05 MST: Collecting status of Shared memory routing socket message database process
2020-07-01 05:37:05 MST: Spawning SCC Chassisd Process to check new configuration
2020-07-01 05:37:07 MST: Collecting status of IDP policy daemon
2020-07-01 05:37:07 MST: Spawning Network security daemon to check new configuration
2020-07-01 05:37:07 MST: Collecting status of General authentication process
2020-07-01 05:37:07 MST: Spawning IPF daemon to check new configuration
2020-07-01 05:37:09 MST: Collecting status of Subscriber management process
2020-07-01 05:37:09 MST: Spawning Advanced Anti-Malware daemon to check new configuration
2020-07-01 05:37:11 MST: Collecting status of IPF daemon
2020-07-01 05:37:11 MST: Spawning Network security trace daemon to check new configuration
2020-07-01 05:37:11 MST: Collecting status of Advanced Anti-Malware daemon
2020-07-01 05:37:11 MST: Spawning Juniper Stateful Redundancy Protocol Daemon to check new configuration
2020-07-01 05:37:14 MST: Collecting status of Juniper Stateful Redundancy Protocol Daemon
2020-07-01 05:37:14 MST: Spawning Tunnel OAM process to check new configuration
2020-07-01 05:37:14 MST: Collecting status of Network security trace daemon
2020-07-01 05:37:14 MST: Spawning Security Log Daemon to check new configuration
2020-07-01 05:37:14 MST: Collecting status of Network security daemon
2020-07-01 05:37:14 MST: Spawning UTM Daemon to check new configuration
2020-07-01 05:37:15 MST: Collecting status of Tunnel OAM process
2020-07-01 05:37:15 MST: Spawning System Health Management Daemon to check new configuration
2020-07-01 05:37:16 MST: Collecting status of Security Log Daemon
[edit security log]
  'report'
    warning: It is recommended to use Stream Logging to an external logging server.
2020-07-01 05:37:16 MST: Spawning Simple Mail Transfer Protocol Client process to check new configuration
2020-07-01 05:37:16 MST: Collecting status of SCC Chassisd Process
2020-07-01 05:37:16 MST: Spawning Wireless WAN process to check new configuration
2020-07-01 05:37:17 MST: Collecting status of Simple Mail Transfer Protocol Client process
2020-07-01 05:37:17 MST: Collecting status of UTM Daemon
2020-07-01 05:37:17 MST: Spawning Dialer services process to check new configuration
2020-07-01 05:37:17 MST: Spawning Logical system multiplexer process to check new configuration
2020-07-01 05:37:17 MST: Collecting status of System Health Management Daemon
2020-07-01 05:37:17 MST: Spawning Bidirectional Forwarding Detection process to check new configuration
2020-07-01 05:37:18 MST: Collecting status of Logical system multiplexer process
2020-07-01 05:37:18 MST: Spawning Layer 2 address flooding and learning process to check new configuration
2020-07-01 05:37:18 MST: Collecting status of Wireless WAN process
2020-07-01 05:37:19 MST: Spawning Event processing process to check new configuration
2020-07-01 05:37:19 MST: Collecting status of Dialer services process
2020-07-01 05:37:19 MST: Spawning Layer 2 Control Protocol process to check new configuration
2020-07-01 05:37:19 MST: Collecting status of Bidirectional Forwarding Detection process
2020-07-01 05:37:19 MST: Spawning MPLS Periodic Traceroute process to check new configuration
2020-07-01 05:37:20 MST: Collecting status of MPLS Periodic Traceroute process
2020-07-01 05:37:20 MST: Spawning Feature license management process to check new configuration
2020-07-01 05:37:21 MST: Collecting status of Event processing process
2020-07-01 05:37:21 MST: Spawning Port based Network Access Control to check new configuration
2020-07-01 05:37:22 MST: Collecting status of Layer 2 address flooding and learning process
2020-07-01 05:37:23 MST: Collecting status of Layer 2 Control Protocol process
2020-07-01 05:37:23 MST: Collecting status of Feature license management process
2020-07-01 05:37:24 MST: Collecting status of Port based Network Access Control
2020-07-01 05:37:24 MST: commit wrapup...
2020-07-01 05:37:24 MST: activating '/var/etc/init.inc'
2020-07-01 05:37:24 MST: activating '/var/etc/ntp.conf'
2020-07-01 05:37:24 MST: activating '/var/etc/bootpd.conf'
2020-07-01 05:37:24 MST: start ffp activate
2020-07-01 05:37:24 MST: executing 'ffp activate'
2020-07-01 05:37:25 MST: activating '/var/etc/master.passwd'
2020-07-01 05:37:27 MST: activating '/var/etc/inetd.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/cosd.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/rc.conf.inc'
2020-07-01 05:37:27 MST: activating '/var/etc/keyadmin.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/sysids'
2020-07-01 05:37:27 MST: activating '/var/etc/login.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/mosquitto.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/csh.login.inc'
2020-07-01 05:37:27 MST: activating '/var/etc/ttys'
2020-07-01 05:37:27 MST: activating '/var/etc/resolv.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/hosts'
2020-07-01 05:37:27 MST: activating '/var/etc/group'
2020-07-01 05:37:27 MST: activating '/var/etc/ntp.keys'
2020-07-01 05:37:27 MST: activating '/var/etc/re_local_intr.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/newsyslog.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/pam.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/pam_radius.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/pam_tacplus.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/ifinfo.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/issue'
2020-07-01 05:37:27 MST: activating '/var/etc/sshd_conf'
2020-07-01 05:37:27 MST: activating '/var/etc/ssh_config'
2020-07-01 05:37:27 MST: activating '/var/etc/certs'
2020-07-01 05:37:27 MST: activating '/var/etc/motd'
2020-07-01 05:37:27 MST: activating '/var/etc/tzset'
2020-07-01 05:37:27 MST: activating '/var/etc/named.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/crontab'
2020-07-01 05:37:27 MST: activating '/var/etc/ifmdata.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/max-db-size-cfg'
2020-07-01 05:37:27 MST: activating '/var/etc/subs-mgmt-cfg'
2020-07-01 05:37:27 MST: activating '/var/etc/vmm.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/db_ext-cfg'
2020-07-01 05:37:27 MST: activating '/var/etc/stunnel.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/lighttpd.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/lighttpd.server.pem'
2020-07-01 05:37:27 MST: activating '/var/etc/lighttpd.ca.cert'
2020-07-01 05:37:27 MST: activating '/var/etc/lighttpd.addresses'
2020-07-01 05:37:27 MST: activating '/boot/ffp.cookie'
2020-07-01 05:37:27 MST: activating '/var/etc/ephinst.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/disable_def_eph'
2020-07-01 05:37:27 MST: activating '/var/etc/smartd_working.conf'
2020-07-01 05:37:27 MST: activating '/var/etc/enable_compact_json'
2020-07-01 05:37:27 MST: activating '/var/etc/jeb_conf'
2020-07-01 05:37:27 MST: activating '/var/etc/jeb_stunnel.conf'
2020-07-01 05:37:27 MST: executing foreign_commands
2020-07-01 05:37:27 MST: /bin/sh /etc/rc.ui ui_setup_users (sh)
2020-07-01 05:37:28 MST: executing ui_commit in rc.ui
2020-07-01 05:37:32 MST: finish ffp activate
2020-07-01 05:37:32 MST: copying configuration to juniper.save
2020-07-01 05:37:32 MST: db_check_constraint_ids_clear start
2020-07-01 05:37:32 MST: db_check_constraint_ids_clear done
2020-07-01 05:37:32 MST: db_groups_info_clear start
2020-07-01 05:37:32 MST: db_groups_info_clear done
2020-07-01 05:37:32 MST: activating '/var/run/db/juniper.data'
2020-07-01 05:37:32 MST: Rotate backup configs
2020-07-01 05:37:32 MST: ssync begins
2020-07-01 05:37:34 MST: ssync ends
2020-07-01 05:37:34 MST: ssync begins
2020-07-01 05:37:36 MST: ssync ends
2020-07-01 05:37:36 MST: notifying daemons of new configuration
2020-07-01 05:37:36 MST:  notifying none(0)
2020-07-01 05:37:36 MST: cannot signal 'None process', signal 1, no pid
2020-07-01 05:37:36 MST:  notifying mgd(1)
2020-07-01 05:37:36 MST: signaling 'Management process', pid 2044, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:36 MST:  notifying cli(2)
2020-07-01 05:37:36 MST: cannot signal 'Command-line interface', signal 1, no pid
2020-07-01 05:37:36 MST:  notifying init(4)
2020-07-01 05:37:38 MST: signaling 'Init daemon', pid 1, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying rpd(5)
2020-07-01 05:37:38 MST: signaling 'Routing protocols process', pid 2047, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying chassisd(6)
2020-07-01 05:37:38 MST: signaling 'Chassis control process', pid 2041, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying xntpd(7)
2020-07-01 05:37:38 MST: signaling 'Network time process', pid 10275, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying bootpd(8)
2020-07-01 05:37:38 MST: cannot signal 'Booting daemon', signal 1, no pid
2020-07-01 05:37:38 MST:  notifying commit-syncd(9)
2020-07-01 05:37:38 MST: cannot signal 'Commit synchronize server', signal 1, no pid
2020-07-01 05:37:38 MST:  notifying kmd(10)
2020-07-01 05:37:38 MST: signaling 'IPSec Key Management daemon', pid 2052, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying pkid(13)
2020-07-01 05:37:38 MST: signaling 'PKI service daemon', pid 2081, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying sendd(14)
2020-07-01 05:37:38 MST: signaling 'Secure Neighbor Discovery Protocol process', pid 2070, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying dfwd(16)
2020-07-01 05:37:38 MST: signaling 'Firewall process', pid 2054, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying dcd(17)
2020-07-01 05:37:38 MST: signaling 'Interface control process', pid 2040, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:38 MST:  notifying cmdd(18)
2020-07-01 05:37:38 MST: cannot signal 'Process container command handler', signal 1, no pid
2020-07-01 05:37:38 MST:  notifying snmpd(19)
2020-07-01 05:37:39 MST: signaling 'Simple Network Management Protocol process', pid 2045, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying mib2d(20)
2020-07-01 05:37:39 MST: signaling 'Management Information Base II process', pid 2046, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying alarmd(23)
2020-07-01 05:37:39 MST: signaling 'Alarm control process', pid 2042, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying pfed(24)
2020-07-01 05:37:39 MST: signaling 'Packet Forwarding Engine statistics management process', pid 2050, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying craftd(25)
2020-07-01 05:37:39 MST: signaling 'Craft interface I/O control process', pid 2043, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying sampled(26)
2020-07-01 05:37:39 MST: signaling 'Traffic sampling control process', pid 9566, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying srrd(27)
2020-07-01 05:37:39 MST: signaling 'Sampling route record process', pid 9568, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying rmopd(29)
2020-07-01 05:37:39 MST: signaling 'Remote operations process', pid 9567, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying cosd(30)
2020-07-01 05:37:39 MST: signaling 'Class-of-service process', pid 2051, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying irsd(31)
2020-07-01 05:37:39 MST: signaling 'Internal routing service process', pid 2055, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying ksyncd(34)
2020-07-01 05:37:39 MST: cannot signal 'Kernel replication process', signal 1, no pid
2020-07-01 05:37:39 MST:  notifying inetd(35)
2020-07-01 05:37:39 MST: signaling 'Inet process', pid 2049, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying httpd-gk(36)
2020-07-01 05:37:39 MST: signaling 'Web management gatekeeper process', pid 2082, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying pppd(40)
2020-07-01 05:37:39 MST: signaling 'PPP process', pid 2060, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying dfcd(41)
2020-07-01 05:37:39 MST: cannot signal 'Dynamic flow capture service', signal 1, no pid
2020-07-01 05:37:39 MST:  notifying fwdd(43)
2020-07-01 05:37:39 MST: signaling 'Forwarding Daemon', pid 2057, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying lfmd(45)
2020-07-01 05:37:39 MST: signaling 'Ethernet OAM Link-Fault-Management process', pid 2065, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying oamd(46)
2020-07-01 05:37:39 MST: signaling 'Tunnel OAM process', pid 2064, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:39 MST:  notifying tnetd(47)
2020-07-01 05:37:39 MST: cannot signal 'TNP process', signal 1, no pid
2020-07-01 05:37:39 MST:  notifying jdhcpd(49)
2020-07-01 05:37:40 MST: signaling 'Junos Dynamic Host Configuration Protocol process', pid 2066, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying authd(51)
2020-07-01 05:37:40 MST: signaling 'General authentication process', pid 2067, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying nfsd(54)
2020-07-01 05:37:40 MST: cannot signal 'Remote NFS server', signal 1, no pid
2020-07-01 05:37:40 MST:  notifying mountd(55)
2020-07-01 05:37:40 MST: cannot signal 'Service for NFS mounts requests', signal 1, no pid
2020-07-01 05:37:40 MST:  notifying bdbrepd(56)
2020-07-01 05:37:40 MST: signaling 'Legacy (pre 17.2) Database Replication process', pid 2069, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying appidd(58)
2020-07-01 05:37:40 MST: signaling 'Application-identification process', pid 2084, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying appsecured(59)
2020-07-01 05:37:40 MST: signaling 'Application security daemon', pid 2085, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying idpd(60)
2020-07-01 05:37:40 MST: signaling 'IDP policy daemon', pid 2086, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying shm-rtsdbd(62)
2020-07-01 05:37:40 MST: signaling 'Shared memory routing socket message database process', pid 2073, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying datapath-traced(63)
2020-07-01 05:37:40 MST: signaling 'DATAPATH Trace process', pid 2087, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying smid(64)
2020-07-01 05:37:40 MST: signaling 'Subscriber management process', pid 2072, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying smihelperd(65)
2020-07-01 05:37:40 MST: signaling 'Subscriber management helper process', pid 9575, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying gstatd(67)
2020-07-01 05:37:40 MST: cannot signal 'geom-device performance monitoring daemon', signal 1, no pid
2020-07-01 05:37:40 MST:  notifying scchassisd(71)
2020-07-01 05:37:40 MST: cannot signal 'SCC Chassisd Process', signal 1, no pid
2020-07-01 05:37:40 MST:  notifying repd(72)
2020-07-01 05:37:40 MST: signaling 'Replication Process', pid 2088, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying nsd(76)
2020-07-01 05:37:40 MST: signaling 'Network security daemon', pid 2077, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying ipfd(77)
2020-07-01 05:37:40 MST: signaling 'IPF daemon', pid 2089, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying aamwd(78)
2020-07-01 05:37:40 MST: signaling 'Advanced Anti-Malware daemon', pid 2090, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying nstraced(79)
2020-07-01 05:37:40 MST: signaling 'Network security trace daemon', pid 2091, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying jsrpd(81)
2020-07-01 05:37:40 MST: signaling 'Juniper Stateful Redundancy Protocol Daemon', pid 2076, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:40 MST:  notifying oamd(83)
2020-07-01 05:37:40 MST: signaling 'Tunnel OAM process', pid 2064, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying rtlogd(84)
2020-07-01 05:37:43 MST: signaling 'Security Log Daemon', pid 2092, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying utmd(85)
2020-07-01 05:37:43 MST: signaling 'UTM Daemon', pid 2093, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying xntpd(86)
2020-07-01 05:37:43 MST: signaling 'Network time process', pid 10275, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying syshmd(87)
2020-07-01 05:37:43 MST: signaling 'System Health Management Daemon', pid 2095, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying smtpd(88)
2020-07-01 05:37:43 MST: signaling 'Simple Mail Transfer Protocol Client process', pid 2096, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying wwand(89)
2020-07-01 05:37:43 MST: signaling 'Wireless WAN process', pid 2071, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying ipmid(90)
2020-07-01 05:37:43 MST: cannot signal 'Intelligent platform management interface daemon', signal 1, no pid
2020-07-01 05:37:43 MST:  notifying wmicd(93)
2020-07-01 05:37:43 MST: cannot signal 'wmicd service process', signal 1, no pid
2020-07-01 05:37:43 MST:  notifying webapid(94)
2020-07-01 05:37:43 MST: signaling 'webapi service process', pid 2098, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying llmd(95)
2020-07-01 05:37:43 MST: signaling 'Local Log Management Daemon', pid 11270, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying dood(96)
2020-07-01 05:37:43 MST: signaling 'Dialer services process', pid 2059, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying ppmd(97)
2020-07-01 05:37:43 MST: signaling 'Periodic packet management process', pid 2053, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying lrmuxd(98)
2020-07-01 05:37:43 MST: cannot signal 'Logical system multiplexer process', signal 1, no pid
2020-07-01 05:37:43 MST:  notifying bfdd(100)
2020-07-01 05:37:43 MST: signaling 'Bidirectional Forwarding Detection process', pid 2056, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying l2ald(102)
2020-07-01 05:37:43 MST: signaling 'Layer 2 address flooding and learning process', pid 2048, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying eventd(103)
2020-07-01 05:37:43 MST: signaling 'Event processing process', pid 1672, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying l2cpd(104)
2020-07-01 05:37:43 MST: signaling 'Layer 2 Control Protocol process', pid 2063, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying mplsoamd(106)
2020-07-01 05:37:43 MST: signaling 'MPLS Periodic Traceroute process', pid 2068, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying license-check(108)
2020-07-01 05:37:43 MST: signaling 'Feature license management process', pid 2100, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:43 MST:  notifying jsd(111)
2020-07-01 05:37:43 MST: cannot signal 'JET Services Daemon', signal 1, no pid
2020-07-01 05:37:43 MST:  notifying mgd-api(113)
2020-07-01 05:37:43 MST: signaling 'Management Daemon GRPC server', pid 2102, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:47 MST:  notifying xmlproxyd(114)
2020-07-01 05:37:47 MST: signaling 'XMLPROXY Daemon', pid 2103, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:47 MST:  notifying sdxd(121)
2020-07-01 05:37:47 MST: signaling 'Service Deployment Client', pid 2104, signal 1, status 0 with notification errors enabled
2020-07-01 05:37:47 MST:  notifying dot1xd(122)
2020-07-01 05:37:47 MST: signaling 'Port based Network Access Control', pid 2105, signal 1, status 0 with notification errors enabled
2020-07-01 05:38:00 MST: ssync begins
2020-07-01 05:38:06 MST: ssync ends
2020-07-01 05:38:06 MST: commit complete

Hello,

SRX300 series have a very very slow CPU installed. Especially if you are running the SRX as a cluster, the commit time is extremely long on this platform. When you say almost 90 seconds, I suppose that you run this as a cluster. Please consider this as "normal", as the SRX300 is a highly cost-effective platform. Lots of features, but the CPU is very slow as well.

A.Vanson,

This could be the issue:

2020-07-01 05:37:16 MST: Collecting status of Security Log Daemon
[edit security log]
'report'
warning: It is recommended to use Stream Logging to an external logging server.

Please remove this and check, if the issue is still present check the following:

High CPU?

spiking processes? 

Core dumps?

mgd logs ?

Sampling or event policies enabled?

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB

Thanks F1ght3r,

We have another SRX and the commit times are more like 5 to 10 seconds.

This SRX was running in cluster mode, but I have turned this off.  However that does confirm my suspicions that this long commit time may be something left over from cluster mode.  I ran set chassis cluster disable reboot previously in order to get this SRX into a factory reset state.

Are there any more settings I need to change?

Thank you.