Juniper SSG5 crashes network

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

A while back we had issues with a Juniper SSG5 where once plugged in, it would pretty much stall the entire network until we unplugged the device... We've looked at it and couldn't figure it out. Ended up calling Juniper support and they pretty much told us to log when this happens again next time. Unfortunately it does not log anything that can give us an idea of where to look.

We have one other SSG5 setup as a firewall for a remote location acting as a VPN connection, however that firewall does not seem to be causing any issues. There are however a few differences, the firmware version of the firewall in the remote location is 5.4 and the one that's problematic is 6.3. As a troubleshooting steps, we did try firmware version 5.4 and a few others to no avail. I am wondering if I turn off the wireless capabilities, will it rectify the problem? or if not perhaps it will narrow down the troubleshooting steps?

I also checked to see if we were using IGMP/Multicast on the firewall and we're not. We're really stumped here... Btw we have three of these device in the HQ office, which is where the problem is happening, and all three create the same problem.

Anyways just wanted to know if anyone experience similar issues?

Thanks!

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Think I have read your post correctly, it is very unlikely that you have three faulty Juniper firewalls.

My recommendation is to troubleshoot further, I'm assuming you have mulitple public IP Address's and probably a managed router of some sort. If so do the following:

- Get a 5 port switch and plug this into your managed router, the purpose of this is to split your internet connection, then plug in your current firewall into this and it will work as per nomal.

- Plug your faulty Juniper firewall into the switch and configure this with one of your spare public IP's and then use it and see what happens.

If the above goes successfully, then you know the firewall isn't faulty, and the issue lies somewhere else.

Let us know how you get on mate.

 

Thanks Craigie,

I should of mentioned that this firewall is setup as an internal wireless device to service laptops internally. There are no public IP's, only internal. What I've done is configured a wireless group with a hidden SSID. It's configured with a DHCP relay and is attached to the switches in our patch panel.

To me it seems like it does something to the switches and the switches just start broadcasting very intensely. It's to a point where I can't even ping the default gateway of our main firewall/router.

 

I'm not sure of the topology and how you are connecting it, but are you sure you aren't creating a loop in the network? Although switches usually come with STP enabled by default, it could be the indivudual ports you are using have STP disabled.

The issue you describe sound exactly like a loop.

 

^^ what he said, it definitely sounds like a spanning tree issue, what happens if you just have one enabled? then slowly increase the number?? Have you defined any kind of boundaries that these would operate from (ie specific subnets or made them into an array of sorts)?

If you have three then the only thing I can think of is that all three are trying to deal with the same machines because they were set up individually rather than as an array.

Of course I could be completely wrong because I know nothing about routing \ switching or Junipers.

 

Good point... didn't think about that... I checked all the switches and all have STP enabled except for one... Which might be causing all the issues. I will be testing after hours on the weekend and will let you know how it goes. Thanks!

I've tried plugging in each router one by one in the past and it created the same problem so must be some misconfiguration.