Juniper SSG5 crashes network

Discussion in 'Networks' started by Theprof, Jan 14, 2011.

  1. Theprof

    A while back we had issues with a Juniper SSG5 where once plugged in, it would pretty much stall the entire network until we unplugged the device... We've looked at it and couldn't figure it out. Ended up calling Juniper support and they pretty much told us to log when this happens again next time. Unfortunately it does not log anything that can give us an idea of where to look.

    We have one other SSG5 set up as a firewall for a remote location acting as a VPN connection; however, that firewall does not seem to be causing any issues. There are, however, a few differences: the firmware version of the firewall in the remote location is 5.4 and the one that's problematic is 6.3. As a troubleshooting step, we did try firmware version 5.4 and a few others to no avail. I am wondering if I turn off the wireless capabilities, will it rectify the problem? Or, if not, perhaps it will narrow down the troubleshooting steps?

    I also checked to see if we were using IGMP/Multicast on the firewall and we're not. We're really stumped here... Btw we have three of these devices in the HQ office, which is where the problem is happening, and all three create the same problem.

    Anyways, just wanted to know if anyone has experienced similar issues?

    Thanks!
     
  2. craigie

    Think I have read your post correctly, it is very unlikely that you have three faulty Juniper firewalls.

    My recommendation is to troubleshoot further. I'm assuming you have multiple public IP addresses and probably a managed router of some sort. If so, do the following:

    - Get a 5 port switch and plug this into your managed router. The purpose of this is to split your internet connection. Then plug your current firewall into this and it will work as per normal.

    - Plug your faulty Juniper firewall into the switch and configure this with one of your spare public IPs and then use it and see what happens.

    If the above goes successfully, then you know the firewall isn't faulty, and the issue lies somewhere else.

    Let us know how you get on mate.
     
  3. Theprof

    Thanks Craigie,

    I should have mentioned that this firewall is set up as an internal wireless device to service laptops internally. There are no public IPs, only internal. What I've done is configured a wireless group with a hidden SSID. It's configured with a DHCP relay and is attached to the switches in our patch panel.

    To me it seems like it does something to the switches and the switches just start broadcasting very intensely. It's to a point where I can't even ping the default gateway of our main firewall/router.
     
  4. danielno8

    I'm not sure of the topology and how you are connecting it, but are you sure you aren't creating a loop in the network? Although switches usually come with STP enabled by default, it could be that the individual ports you are using have STP disabled.

    The issue you describe sounds exactly like a loop.
     
  5. SimonD
    ^^ What he said, it definitely sounds like a spanning tree issue. What happens if you just have one enabled, then slowly increase the number? Have you defined any kind of boundaries that these would operate from (i.e. specific subnets or made them into an array of sorts)?

    If you have three then the only thing I can think of is that all three are trying to deal with the same machines because they were set up individually rather than as an array.

    Of course I could be completely wrong because I know nothing about routing \ switching or Junipers.
     
  6. Theprof

    Good point... didn't think about that... I checked all the switches and all have STP enabled except for one... Which might be causing all the issues. I will be testing after hours on the weekend and will let you know how it goes. Thanks!

    I've tried plugging in each router one by one in the past and it created the same problem, so it must be some misconfiguration.
     
    Last edited: Jan 17, 2011
