SRX Services Gateway
Reply
Contributor
Hedia
Posts: 93
Registered: ‎05-28-2008
0

Re: Problems with SRX 240 Firewall

Hello RAM,

 

Unfortunately, you are another victim of Juniper SRX.

I deployed more than 100 SSG devices in the past with less than 10 cases open with JTAC.

One year ago, we deployed two cluster of SRX 240 and the nightware begun...

Slow GUI, NSM integration is a joke, IDP crash, etc, etc.

This is an endless story.

 

Basically, this is most buggiest platform I ever play with...

 

We will ask Juniper to replace them with 4 SSG320M.

We are waiting input from them.

 

Maybe you can also do the same...

 

Regards,

 

Hedi

Contributor
bramsuresh@deltatec.in
Posts: 15
Registered: ‎01-20-2011
0

Re: Problems with SRX 240 Firewall

 

Hii Hedi,

 

Thanks a lot for the replay.Just thinking that i am only the victim from the replies i am getting

 

may be i got some one who accepts that there are bugs in the SRX boxs.

 

Even i installed soo many SSG boxes and EX4200 and 3200 Swicthes with very less cases

 

But for my new site as i blindly thought juniper will not make me down i didnt went deep reg the new

 

product and deployed SRX in HA and EX2200 with 100 nos and core EX4200.

 

This SRX is working like Hell. No Track IP like SSG, More CPU and Memory utlization

 

due to 2 partions and IDP signature and dector data base issues for which the box will Hang r else

 

the flash r even the partion gets crouppted.I do not know with out a 100% checkup and no proper work out

 

they released the product in to the market and they are loosing the complete hope on the juniper brand

 

which will effect on the other good working products like SSG and Ex4200 and 3200 swicthes.

 

Even i bought EX2200 with out the minimum L2 features in it and they are telling now still they are in

 

implementation part and in the other releases they will fix .god knows when they will fix without bugs

 

i had a question to ask u .i will also ask the guys to give me SSG-520

 

but the IDP is not there in that and only the DI which will not block torrents.pls let me know is there any alternate

 

way to block the torrents with SSG-520 as its very imp for my site with no other addon device like IDP

 

once again thanks for the reply

 

RAMS

 

RAMS
Contributor
Hedia
Posts: 93
Registered: ‎05-28-2008
0

Re: Problems with SRX 240 Firewall

Hello,

 

I'm also running IDP on the SRX.

Deep inspection is not an alternative to the IDP...

If you really need an IPS, you need to by another box...

In my case, I prefer to have a stable cluster (SSG) rather than a full features (according to Juniper !) box crashing every few days.

 

Maybe you can install another firewall in layer two mode to handle application control, bandwidth management, IPS and other usefull features.

Sonicwall is quite good in this area. In few weeks, I could probably give you some comments about Palo Alto...

 

Regards,

 

Hedi

Contributor
amjain
Posts: 26
Registered: ‎03-29-2010
0

Re: Problems with SRX 240 Firewall

[ Edited ]

This post removed due to confidentiality violation

 

-Moderator

Contributor
bramsuresh@deltatec.in
Posts: 15
Registered: ‎01-20-2011
0

Re: Problems with SRX 240 Firewall

 

 

Dear Friend, 

 

Thanks for the feedback

 

Just want to know how can u say by the RMA details i kept the box in a frequent power failures area.

 

They have not mentioned any where in the case ITS WRONG stateEMENT DELIVER BY U .

 

Can u pls tell me from which country u belong to just to know

 

To ur notice i kept the box in a very secure area in which i had nealy 127 devices along with this SRX

 

I never mention in the case r else in the RMA that the box is having problem with power  u r mistaken

 

The box is having problem with flash and memory due to this there are several problems

 

can i know which SRX box u r using just curious not having with any problem with that

 

i can c in the lastest junoes release that there are nealy some 150 bugs still pendning yet to sorted out

 

The 1GB flash which is giving with the box is not at all sufficient for the desired requirment

 

Each core dump file is 100 MB and if there are 2 core dump files the box gets hangs and flash corrupts

 

hope u got now what i am trying to tell u .There is no problem with the power r relse the power supply

 

Problem  which i am facing

 

1.SRX240 New box

 

2. The box comes with dual partion primary and backup with 10.0R1

 

3. For my requirement i need to update to 10.4R1

 

4. After doing this the remaining space in Primary partion is 215 MB only

 

5. If i enable syslog for every 6 hours its creating one core dump file which is 100 mb

 

6. IF i leave for 1 day the flash gets full and device hangs

 

7.If i disable syslog i will get a core dump file 100 mb for every 12 hours

 

8.If i delete the file in time the box runs fine no problem but if i do not delete same problem

 

so if u have a box and u try all the above which i mentioned they tell me what u r facing

 

so do not tell and misguide that that problem is with power .ITS NOT WITH POWER PROBLEM K.

 

ITS WITH 1GB insufficiuent flash k

 

THANK YOU

 

ram

 

 

 

 

RAMS
Trusted Expert
Automate
Posts: 784
Registered: ‎11-01-2007
0

Re: Problems with SRX 240 Firewall

Ram,

 

I'm sorry to hear about the troubles you're having. Those core files need to be analyzed so we can figure out whether this is a known issue - or even if not, it should give us a clue as to the underlying cause, and hopefully a workaround.

 

Please get a case opened with JTAC (either direct or through your reseller) so that we can do proper diagnostics on this issue.  If you need any help with that, please let me know personally.

 

Any other conclusions (by anyone...)  based on the information so far would just be conjecture.

 

Regards,

 

-Keith

Visitor
Pete-L
Posts: 7
Registered: ‎11-25-2011
0

Re: Problems with SRX 240 Firewall

26 Cases with regards to an SRX240h and NSM since 31-Aug-2011 (ATAC and JTAC)

 

BGP Low Memory alerts from 4 different SRX240h running IDP and BGP on the same box. (This to me rules out hardware issues)

 

Did anyone else facing issues with the 240h get them resolved, if so please can you tell me how? (let me guess, upgrade to the latest version with be the official answer?)

 

I want to go back to Checkpoint!

Contributor
Youness
Posts: 40
Registered: ‎12-06-2011
0

Re: Problems with SRX 240 Firewall

[ Edited ]

Hi all,

 

I'v had experince on both ScreenOS and Junos, in ScreenOS I had exprience from SSG5 to ISG2000 and in SRXs from SRX210 to SRX 3600, I even ran a project on SRX5800 recently, it's huge milion dollar guy, SRX high end platform are much more stable than Branch SRXs, SRXs have a lot of issues now especially in branch series, but the idea behind it is great. It takes time for them to get it fix and make it stable enough specially in UTM features. But honestly NSM is stupid, specially the one that you install on Linux (Not the appliance), and NSM GUI is even more stupid than NSM itself, it crashes all the time.

 

Hope that day(or maybe night) come, that we see more stablity in SRX it's a kinda newborn baby.

 

And hey Ram, I've read your story, and I think your story is a little...bit...exaggerated, I have a SRX210 and SRX1400 in here right now, I just looked at the uptime, here's the output:

up 172 days, 22:43, 1 user, load averages: 0.25, 0.11, 0.04

and SRX1400:

up 234 days, 20:32, 2 users, load averages: 0.03, 0.03, 0.00

 

They're stable enough now :smileyvery-happy:

Visitor
peterlyttle
Posts: 8
Registered: ‎09-24-2010
0

Re: Problems with SRX 240 Firewall

ATAC : "To run the NSM client properly you PC needs at least 4GB of memory"

 

The appliance is just as bad, JTAC : "can you restart the services"

 

I hate the restart mentality it doesnt FIX anything it just delays it from happening again...

 

I'll take a look at the high end and see how the bottom of the "high end" stack up against the branch appliances cost wise.

Contributor
Youness
Posts: 40
Registered: ‎12-06-2011
0

Re: Problems with SRX 240 Firewall


peterlyttle wrote:

ATAC : "To run the NSM client properly you PC needs at least 4GB of memory"

 

The appliance is just as bad, JTAC : "can you restart the services"

 

I hate the restart mentality it doesnt FIX anything it just delays it from happening again...

 

I'll take a look at the high end and see how the bottom of the "high end" stack up against the branch appliances cost wise.


LOL

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.