05-29-2008 01:30 AM
First prize to anyone who can give any advice in this problem.
I have a typical Untrust/DMZ/Trust network setup, currently using two Netscreen 50s. Last night, we attempted to replace them with two SSG-140s.
Everything went perfectly until about 30 minutes after cutting the SSG-140s in. At that point, all traffic to and from the Untrust zone ceased. There were no alarms, failover events or problems reported on any of our switches or routers.
A reboot returned the firewalls to service, but the same problem occured again in a near-identical time span. As a result, we rolled back.
Has anyone seen a similar problem to this in the past?
05-29-2008 06:19 PM - edited 05-29-2008 06:21 PM
i got similar problem with screenOS 5.4.r8 on SSG140. There was a software bug in the networks driver of the SSG140.
The issue was solved with the 5.0.r10.
Do you see some dumps files with the get file command ? If yes open a case and try a downgrade with 5.4.r10.
05-29-2008 06:49 PM - edited 05-29-2008 08:41 PM
There's a known bug in 6.0R5 with lockups on SSG5/SSG20 though this is the first I've heard on an SSG-140
Here's the thread...
05-29-2008 07:41 PM
I just checked, and we have had reports on the SSG-5, SSG-20, and SSG-140.
Refer to this posting for the work-around:
05-31-2008 07:11 AM
06-04-2008 11:38 PM
We'd love to use a work-around here, but we can't.
We use the redundant interfaces feature of the SSG-140, and there's no way of altering physical properties for the redundant interface itself or its member interfaces.
06-05-2008 07:29 AM
I also cannot hard-code - the interface goes to a metro-ethernet from the ISP.
There is fixed code available from JTAC.
I cannot believe Juniper doesn't make this readily available as well as publishing this showstopper bug.