ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

cann't access the firewall by URL or TELNET after a few hours

‎10-21-2008 11:29 PM

Our device is SSG20 with the software version 6.0 , and the configuration is okay. we got a problem now.

After a cold reset , wo can access the device well, but about 3 or 4  hours later,we cann't access in the device any more by URL or TELNET.

All can i do is reset it again,  i need your help!

tks in advance!

13 REPLIES 13
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎10-21-2008 11:37 PM

Its a known bug... I've experienced this aswell and is in the release notes for 6.1r3 or r2 i believe...

 

Just upgrade! 6.1r3 is very stable for me.

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎10-22-2008 12:16 AM

Just looked it up for you in the release notes.

 

Addressed issues in 6.1r3

 

Management
            ■  255035—Redundant subinterfaces could not be imported properly from NSM.
         
            ■ 271129—In some cases, all management access may be lost except through the
               console.

        

           ■  290562—Unable to determine BGP aggregate status within NSM.
       
 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

[ Edited ]
‎10-22-2008 05:16 PM

I am having the same problem, I cannot access my SSG 5 through the Web UI, Telnet or SSH @ 192.168.1.1. I am using the latest release 6.1r3. I can only gain access via the console port. Here is my interface settings. As far as I know it should work...

 

Interface bgroup0:

  description bgroup0

  number 11, if_info 968, if_index 0, mode nat

  link up, phy-link up/full-duplex

  vsys Root, zone Trust, vr trust-vr

  dhcp client disabled

  PPPoE disabled

  admin mtu 0, operating mtu 1500, default mtu 1500

  *ip 192.168.1.1/24   mac 001f.1253.e40b

  *manage ip 192.168.1.1, mac 001f.1253.e40b

  route-deny disable

  pmtu-v4 disabled

  ping enabled, telnet enabled, SSH enabled, SNMP enabled

  web enabled, ident-reset disabled, SSL enabled

  DNS Proxy disabled, webauth disabled, g-arp enabled, webauth-ip 0.0.0.0

  OSPF disabled  BGP disabled  RIP disabled  RIPng disabled  mtrace enabled

  PIM: not configured  IGMP not configured

  NHRP disabled

  bandwidth: physical 100000kbps, configured egress [gbw 0kbps mbw 0kbps]

             configured ingress mbw 0kbps, current bw 7989kbps

             total allocated gbw 0kbps

  DHCP-Relay disabled at interface level 

 

Thanks

 

Rob 

Message Edited by Rob_S on 10-22-2008 05:17 PM
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎10-22-2008 06:20 PM

I had upgrade my SSG20 from 6.0 to 6.1.r3, but this issue is still exist.

Anybody kowns how can i fix this issue??

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

[ Edited ]
‎10-23-2008 10:19 PM

Hi Darkboy,

 

A customer sent me a mail yesterday, experiencing the same issue on 6.1r3. I will raise a tech case @ JTAC today and see how this can be resolved. Its also a SSG20.

 

 I'll keep you posted! If you got any updates i'd love to hear them 🙂

 

G's Debbus

Message Edited by dennish on 10-24-2008 07:19 AM
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-04-2008 05:59 PM

I have a client also having the same problem..do we have an update on which firmware might be stable that fixed this problem?

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-04-2008 10:12 PM

Im still working on the JTAC case, however my client didn't respond to the question yet wether console also loses connectivity.

Could you all let me know if console still works when the services fail ?

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-06-2008 12:57 AM

Hi, we experience a similar problem either. We are using SSG-5, we cannot manage the FW using Web / SSH. But we can ping the trust interface. Some web sites cannot be reached and timeout.

 

When rebooting the FW, the problem solved. I have opened a JTAC case on this.

 

 

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-06-2008 12:58 AM
Console works when the problem occurs.
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-07-2008 06:59 AM

I reopened the case. This issue happened again and the customer pulled a get tech out via console.

Im awaiting an update from JTAC.

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-18-2008 01:09 AM

260988, 271129, 281995—In some cases, all management access may
be lost except through the console.

 

Should be solved in 6.0r6 and 6.0r7. i don't know in which revisions on the 6.1 and 6.2 train the fix will be implemented.

 

Dennis

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎11-28-2008 11:25 PM

I think you may try to change the 80 port to another or close the web ui function in Untrust Zone .

lucky

Highlighted
ScreenOS Firewalls (NOT SRX)

Re: cann't access the firewall by URL or TELNET after a few hours

‎01-11-2009 07:00 PM

6.1.0r2.0 still not resolved, our SSG 5 firewall OS version is 6.1.0r2.0.

I don't know why Juniper can not resolve it? Only I can do is restart the firewall.

 

Feedback