Junos
Junos

Juniper Enhanced using Websense server DOWN

‎06-28-2019 01:58 AM

Hello guys!

 

Some time ago, i have faced with problem with Webfiltering.

I have two srx240h2  in cluster mode. JUNOS Software Release is 12.3X48-D65.1 .

 

Now, UTM web-filtering server status is down on bouth nodes:

show security utm web-filtering status
node0:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN

node1:
--------------------------------------------------------------------------
UTM web-filtering status:
Server status: Juniper Enhanced using Websense server DOWN

 

but some times ago everything was OK.

There are some strange things i`ve found:

1. tcp connection to rp.cloud.threatseeker.com (116.50.57.140:80) stack in TIME_WAIT state . Bytheway, i can ping this address and 80 port is accessible from my SRX.

 

I tried to restart utmd service and after that, i`ve find messages in log:

2. utmd[19132]: LIBJSNMP_NS_LOG_INFO: INFO: ns_subagent_open_session: NET-SNMP version 5.3.1 AgentX subagent connected

    utmd[19132]: LIBJSNMP_NS_LOG_WARNING: WARNING: AgentX master agent failed to respond to ping. Attempting to re-register.

3. license-check[29600]: LICENSE_EXPIRED_KEY_DELETED: License key "JUNOS*******" has expired.
license-check[29600]: LICENSE_EXPIRED_KEY_DELETED: License key "JUNOS*******" has expired.
utmd[19132]: LICENSE_EXPIRED_KEY_DELETED: License key "JUNOS*******" has expired.
utmd[19132]: LICENSE_EXPIRED_KEY_DELETED: License key "JUNOS*******" has expired.

(It`s about my expired liences for Web Filtering EWF. Of course i have active one, now)

 

There are no changes in configuration concerning webfiltering at last time.

Have you any ideas on this?

7 REPLIES 7
Junos

Re: Juniper Enhanced using Websense server DOWN

‎06-28-2019 10:32 AM

Hello,

 

Are you able to ping hostname instead of ip address, is DNS working? Also you can try to capture if reply is not being dropped in path any where from server.

 

Thanks

Mahesh

 

Junos

Re: Juniper Enhanced using Websense server DOWN

‎06-28-2019 08:26 PM

Hi DirtyMew,

 

Did you mean the log messages for license expiry aren't seen now after updating license or do they appear even after updating licenses? Check this for any licensing issue: https://kb.juniper.net/InfoCenter/index?page=content&id=KB16675&actp=METADATA

 

If license is taken care of and you don't see the license error now, then try to restart utmd service again to confirm they are gone.  And if issue still persists, then agree with maheshkumar, please capture if we receive a response from the server.

 

Hope this helps.

Regards,
-r.

--------------------------------------------------

If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

Junos

Re: Juniper Enhanced using Websense server DOWN

‎06-29-2019 11:31 AM

You may try to delete the expired license (request system license delete) to filter those distractive logs first. Make sure there is a valid license for EWF.

Make sure the DNS/IP connection to the server is good.

Try failover between the nodes if possible. 

 

Junos

Re: Juniper Enhanced using Websense server DOWN

‎07-02-2019 04:39 AM

Good day,

Thanks everybody for answers!

 

1. I have delete bouth expired licences and restart utmd service after that. There are no alarm about expired licenses now, but problem still exist.

2. Yes, my DNS is working correct. I can ping two servers: cluster-k.cloud.threatseeker.com, rp.cloud.threatseeker.com (already tried them). And also i checked 80 port by telnet, it`s ok (i can connect and i have answers from servers).

3. I can try manual failover this evening, but it isn`t good decision i think.

 

Best Regards

Junos

Re: Juniper Enhanced using Websense server DOWN

[ Edited ]
‎08-13-2019 04:56 AM
Greetings!
 
I have some update. Some time ago i have updated my SRX to recommended OS version: 12.3X48-D75 and, of course, it means that i have rebooted devices. But problem still exist, unfortunately.
 
There is utmd.log in attachments after force restarting utmd process on primary node.

Attachments

Junos

Re: Juniper Enhanced using Websense server DOWN

[ Edited ]
‎08-13-2019 07:30 PM
Hi Dirtymew,

I have seen couple of scenarios, please check whether it matched your condition.

> Are you using UTM in Routing Instance? If that's the case, please find the KB article to resolve your issue - https://kb.juniper.net/InfoCenter/index?page=content&id=KB33260&pmv=print&actp=RSS&s...

> Is the route towards the TSC is pointed via fxp0 interface? If that's the case, TSC will show down so please configure the route via revenue interface (ge or xe interface).

If the above steps didn't resolve the issue, let me know what you're seeing messages log with respect to UTM.


Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Junos

Re: Juniper Enhanced using Websense server DOWN

‎08-19-2019 05:40 AM

Dirtymew,

 

One more thing I would like to ask is, Are you using a chassis cluster deployed in Active/Active mode?

 

If that's the case, can you initiate the failover of all RGs to a single node? Because UTM is not supported in Active/Active cluster deployments. For more information, please refer the following technical documentation - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-configuring-utm-for-chas...

 

Looking forward to hear from you.



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!