Dear.
Thanks for your reply.
Problem is that in link: https://www.juniper.net/support/downloads/?p=isg10
Regards.
↧
Re: Request ScreenOS 6.3.0r3 for ISG1000
↧
Re: Request ScreenOS 6.3.0r3 for ISG1000
Hello,
Indeed that is the case. I think you will need to open the JTAC case to get these older OS releases.
Regards,
Rushi
↧
↧
Re: Misleading logging on ScreenOS ISG1000 FW
Hello,
There were some cosmetic issues reported previously. In your case, is the issue still seen when you use the command line interface? What OS version are you running on the device ?
Regards
Vatsa
↧
Re: NetScreen 5400 problem
Hello,
What are the IO modules connected to the device? Can you try removing all IO modules and having only MGT card and boot the device. If the issue goes away, it can be a issue with one of the IO cards. If the issue is still seen, then hardware RMA might be the way forward.
Regards
Vatsa
↧
Re: cannot download config file from GUI after upgrade
Hello,
Configuration was be optimized as follows :-
1. review config for unsed services, address objects, certificates, policies, VPN and any other settings and delete them if they are not needed.
2. Summarize static routes if any in the config.
3. combine polices on the firewall to reduce the number of polices and related objects on the firewall.
Regarding config backup, are you able to download / run the command " get tech". if yes, then that usually has a complete config file as well.
Regards
Vatsa
↧
↧
Re: can't fetch reports for netscreen firewall
Hello,
A easier way to check this would be to check the snmp counters under get snmp to see if there are out packets increasing on the device or not. You can also do a debug for snmp "debug snmp all" or a simple snoop to see if you are able to see device responding back to snmp requests.
Regards
Vatsa
↧
Re: Transparent mode segmentation on SSG20 ?
This would also be a good introduction for the SRX
↧
Re: SSG5 Bandwith problems
Find this policy on the list of the web UI.
Edit the policy go to the advanced tab
Uncheck the box for Traffic Shaping and save
↧
Re: Request ScreenOS 6.3.0r3 for ISG1000
For versions that are no longer listed on the public site you need to open a ticket with JTAC for a custom download link.
↧
↧
NS 5GT Bricked...Boot Loop
I have an old netscreen 5GT
when i connect console i am getting the below message,
Not able to factory reset also
not able to run any command also.when i try to restore any firmware via tftp
tftp is timing out in the middle.
kindly help.Can any body guide to the old or new bootloader for this.
I am not able to find bootloader on juniper website.
NetScreen NS-5GT-ADSL Boot Loader Version 3.0.0 (Checksum: 5D9E317F)
Copyright (c) 1997-2004 NetScreen Technologies, Inc.
Total physical memory: 128MB
Test - Pass
Initialization - Done
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Hit any key to run loader
Loading default system image from on-board flash disk...
Done! (size = 9,961,472 bytes)
********Invalid DSA signature
********Bogus image - not authenticated
Serial Number [0103062007001134]: READ ONLY
HW Version Number [1010]: READ ONLY
Self MAC Address [001b-c035-6150]: READ ONLY
Boot File Name [ns5gt.6.2.0r19.0]:
↧
Re: NS 5GT Bricked...Boot Loop
Hello,
Which tftp server you are using & which port on the NS5GT is connected to tftp server?
Also is tftp server directly connected to NS5GT?
Following error indicates that authentication-key on the NS 5GT is not able to authenticate ScreenOS version on the box.
********Invalid DSA signature
********Bogus image - not authenticated
Regards,
Rushi
↧
[SSG 520M] Issue with bootloader upgrade
Hi,
I try to upgrade the bootloader because of the message:
********Invalid DSA signature
********Bogus image - not authenticated
but when i finished to fill the different fields i optain this new messages:
Initiating hardware and waiting for link up ...
PHY read timeout on Port 0 (Ctrl=0x0000)
PHY read timeout on Port 0 (Ctrl=0x0000)
PHY read timeout on Port 0 (Ctrl=0x0000)
PHY read timeout on Port 0 (Ctrl=0x0000)
PHY read timeout on Port 0 (Ctrl=0x0000)
PHY read timeout on Port 1 (Ctrl=0x0000)
PHY read timeout on Port 1 (Ctrl=0x0000)
PHY read timeout on Port 1 (Ctrl=0x0000)
PHY read timeout on Port 1 (Ctrl=0x0000)
PHY read timeout on Port 1 (Ctrl=0x0000)
[Ethernet0/2 and Ethernet0/3]
and the link remain DOWN.
I plugged the ethernet cable on port 0/0 of the firewall. i tried with a cross cable and a straight cable.
I tried to force the ethernet port on my PC to 1000 full or 100 full and with auto-negociation but the interface remain down.
Has anyone ever encountered this problem?
Thanks you in advanced for youir help
↧
Re: [SSG 520M] Issue with bootloader upgrade
Hello ,
This looks like issue in either cable or the interfaces. Usually the firewall will try to get the interface up so that the TFTP communication can go through. In your case, since you have tried changing cable and using Laptop aswell, it might indicate a possible hardware issue. What is the status of the interface LEds? if there are other interface cards added on the ISG, try removing them and see if the eth0/0 interface comes up .
Regards
Vatsa
↧
↧
Re: SSG5 Bandwith problems
Hello ,
The policy you have shown is from untrust to trust.. There should also be another policy that is from inside trust to untrust that might have the policy bandwidth configured.
Regards
Vatsa
↧
Re: NS 5GT Bricked...Boot Loop
Yeah initially i was using some small tftp server.
But read somewhere Solarwind TFTP server is better compared to others.
downloaded and tried that initially it was the same.Timeout.
Then i manually binded the ip to the tftp server.
Then it worked like a charm.
Now my NS5GT is working again.
↧
Re: [SSG 520M] Issue with bootloader upgrade
This error will occur if you upgrade to the new ScreenOS image and still have the OLD signing key on your device. The boot screen on the console port will show this message:
********Invalid image!!!
********Bogus image - not authenticated!!!
To recover from this error and allow the device to boot you need to delete the signing key.
delete crypto auth-key
Then reboot the device and the new ScreenOS should load.
↧
Re: [SSG 520M] Issue with bootloader upgrade
Hi Steve,
As you can see, the vox is already stuck in the bootup. So, user cannot delete the imag key anymore. The only option is to re-image the box with an old firmware, get into the box management and then delete /or/ update the key.
From the console dump, device is unable to detect link on any onboard interface. Looks like a bad cable or Hardware.
↧
↧
Re: [SSG 520M] Issue with bootloader upgrade
Hi,
On a healthy device, the output should look like:
Saipan motherboard proto 3 or later detected
Probing...[Ethernet0/0 and Ethernet0/1]
Initiating hardware and waiting for link up ...
self_ip = 192.168.160.5, tftp_server_ip = 192.168.160.186
ip = 192.168.160.5 mask = 255.0.0.0 gw = 0.0.0.0 svr = 192.168.160.186
network_ready = 1
But, in your case, the device is inable to detect the PHY link. Please try interfaces other than e0/0. Also, you can try unseating any other interface card you might have - as suggested by Vatsa.
↧
SSG140 cross-subnet problems
Greetings.
I have a pair of SSG140 firewalls set up in NSRP (Yes, I know they're old). I have two subnets on the same virtual router and in the same zone (192.168.42.0/24 and 172.20.0.0/16) which are used by machines on the network. However, if I try to transfer a file from a computer on the 192.168.42.0/24 from the 172.20.0.0/16 (or vice versa) through the SSG140, it gives me an error (if it takes more than about 10 seconds to transfer) and Windows says the file is no longer available.
I thought maybe it was a problem with our vintage network switches, so I connected it all up to a brand new switch. Still no dice. I then swapped the primary and backup router and it still does the same thing. If the computers are on the same subnet there is no problem. If I use my switch for subnet routing, it works fine. So I'm not quite sure what the culprit may be, except that it is a problem with the Juniper itself. I have firmware 6.3.0r23.0 installed on both of them. I'm not ready to hard reset them to test it on a black slate, but I may get there if I cannot find a solution. I've used SSG140s for a lot of years and I've never had this problem. It seems odd that both would have this issue if it were hardware related - which leads me to believe that it is a configuration problem or possibly a firmware related obstacle.
Thanks.
↧
Re: SSG140 cross-subnet problems
Sounds like a possible session timeout issue. Run a debug flow basic to make sure that the traffic is flowing correctly.
↧