ScreenOS Firewalls (NOT SRX)
Reply
Distinguished Expert
muttbarker
Posts: 2,298
Registered: ‎01-29-2008
0
Accepted Solution

Reducing ScreenOS tasks - SSG20-HM - 6.3.0r1.0

I am running an SSG20 w/full UTM, now upgraded to 6.3. I have been having issues with logging into the box (via CLI) and with NSM communications. Working with JTAC we determined that the problem is with the task count. The SSG20 has a limit of 111 tasks. My unit runs at 110 to 111 tasks constantly. The bulk of the tasks are idle and my CPU usage is under 5%. I am trying to determine how I can eliminate some tasks so that I can get my count down.

 

Example - there is an idle "telnet" task - I don't allow telnet but the task is there. Same for dialer, nsrp (not running) Any assistance is greatly appreciated.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Regular Visitor
Posts: 5
Registered: ‎08-26-2009

Re: Reducing ScreenOS tasks - SSG20-HM - 6.3.0r1.0

Hi Kevin,

 

We had a similar issue with our SSG350Ms, which were originally running 6.2.0r3. After lots of back-and-forth with JTAC, trying out various things to try and solve the problem, they issued us with a patched version of 6.2.0r4 which increased the maximum number of allowed tasks. This fix has been included in the generally-available releases since 6.2.0r5 - see "Unable to telnet to firewall" in the "Changes to Default Behavior Introduced in 6.2.0r5" section of the release notes.

 

Looking at the release notes for 6.3.0r2, I see that the issue has been fixed there too - look for item 455868 in the "Addressed Issues in ScreenOS 6.3.0r2" section of the release notes.

 

Hope that helps.

 

Regards,

Graeme

Distinguished Expert
muttbarker
Posts: 2,298
Registered: ‎01-29-2008
0

Re: Reducing ScreenOS tasks - SSG20-HM - 6.3.0r1.0

Graeme - thanks for the post! Upgrading took care of it. I have had a call into JTAC since last Friday asking them for a path forward and you provided it. Thanks to you I will update my case and close it out.

 

Welcome to the Forum!

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.