07-15-2010 10:15 AM
I'd like to think I'm a patient man, but I'm quickly losing all good feelings I might have had for Juniper that I accumulated under the Netscreen/ScreenOS line.
Today, I came into work and realized my Juniper box apparently was no longer talking to my Websense box. This is the 2nd time I've encountered this problem. I ran a "run restart utmd" which is what the Juniper tech asked me to do the 1st time and lo and behold my Websense box starts logging requests. The only problem is that appr. 2 minutes later the entire box stops forwarding packets (I assume). All ping activity to hosts beyond the box on "untrust", to boxes in the "dmz", and even the SRX's trust interface fail.
I cringe as I wait for the inevitable calls from my users screaming in my ear about the Internet connection. I think I have two options. I can do a hard reboot of the SRX and hopefully before I'm older than Methuselah, the box will finally complete a reboot. Or, I can wait and hope that whatever conniption fit the box is having will work itself out. I decided to wait and Voila! All of my pings come back.
I cannot believe Juniper, a company I have pitched to many a customer and colleague, who roll out such a piece of junk. I don't want to hear that Juniper "understands", or "get's it" or "hears me". I want a notification that here is the download link for the release of JUNOS that will fix all of the crap we have given you, our loyal customer base. I did not sign up to be a beta tester for your SRX line. I expect a quality product ready for deployment.
SRX240 - JUNOS 10.0R3.10
07-15-2010 11:12 AM
I think you are seeing PR519874 fixed in 10.1R2 but 10.1R3 is the latest and includes the same fix. I've got one of my guys checking why the PR info online doesn't show the fix version. Please open a case with JTAC to make sure this is what you are seeing before doing any upgrade.
Not to beat a dead horse, but we do hear you and there is a lot of work going on behind the scenes to improve the quality of Junos for branch SRX product. Our deferral of 10.2 for branch SRX and the very limited new feature development in the up-coming 10.4 release are both artifacts of this effort.
07-15-2010 12:33 PM - edited 07-15-2010 12:46 PM
Unfortunately I can't help you with the Websense problem but I can suggest that you update to 10.1R2.8. From my experience and what I've read on here it's the best release to be running.
The other thing I'd suggest doing is checking your box for any core dumps (show system core-dumps) and submitting any to JTAC.
07-15-2010 08:14 PM
On SRX210, SRX240, and SRX650 devices, the Websense server stops taking
new connections after HTTP stress. All new sessions get blocked. As a
workaround, reboot the Websense server. [PR/435425]
Source : Release notes.