This article explains a limitation of Junos OS, wherein users can add only 32 MAC addresses to an allow/deny list of static-mac-filter. This is working as designed. When a user adds more than 32 MAC addresses to the allow/deny list of static-mac-filter and then commits the configuration, the following error appears: [edit wlan access-point test access-point-options …
How to disable the default ARP policer for selective interfaces or dynamic-profiles in MX routers
In an MX subscriber management environment, one may need to disable the default ARP policer on static interfaces or autosense VLANs to instead let the DDOS function protect the system. This is because when an ARP attack happens, normal user ARP traffic and attack ARP traffic might …
WEBFILTER_REQUEST_NOT_CHECKED
The WEBFILTER_REQUEST_NOT_CHECKED message is reported in the system message file whenever the webfilter (integrated web filtering) process fails to check a web request. This article documents an approach to troubleshoot this problem. Integrated web filtering is currently only supported on J-Series and SRX devices. The problem related to this syslog message is described …
Best Practices for SRX Software Upgrade
Junos software provides a "no-validate" option that lets the system administrator bypass the configuration compatibility check when upgrading the Junos software version, but this option should be avoided if possible. This article shows one instance of a risk with the "no-validate" option. As of 12.1X44-D10, High-End SRX Series …
Default and customizable services running on Junos
This article provides information about the default and customizable services that are running on Junos. By default, rsh and rlogin services are enabled on Junos. Customers, based on their requirements, can enable Telnet, FTP, and so on. On Junos, the inetd.conf file is present in the /etc directory. This file is used to control the services that are running on the …
"dfwc_bitfield: "82" is an invalid option" commit error
This article describes the issue of the "dfwc_bitfield: "82" is an invalid option" error message being generated when a specific numeric value is committed as a match condition in a firewall filter. If you try to commit a specific numeric value, such as 82, as a match condition in a firewall filter, the following error message is generated: p57024@r1a5# commit check dfwc: …
"remote-protected-resource 0.0.0.0/0" does not work
When all IP addresses are allowed as the remote protected resource with "remote-protected-resource 0.0.0.0/0", the Dynamic VPN does not work. Any traffic to the remote-protected-resource is not encrypted. Client software (Access Manager/Junos Pulse) injects and changes route information in the routing table of the client OS, along with Dynamic VPN configuration when the VPN is …
SHA2-256 compatibility on SRX branch series and other platforms
This article describes the issue of an SRX device that has a VPN configured with SHA2 in the IPsec proposal being unable to decrypt the encrypted traffic, even though it has established the VPN tunnel. Junos and SSG have two generations of SHA2-256 algorithms; the first one uses the 96 bit-length data field and the second one uses the 128 bit-length data field. Due to …
Cleaning the SRX Filesystem to maximize Available Disk Space
Sometimes the "request system storage cleanup" command will still not free enough disk space. This article shows an administrator how to maximize the free space on SRX. The SRX does not have enough free space to finish a task, be it an IDP update or a Junos upgrade. Even after running "request system storage cleanup", the SRX admin notices that there is not enough free space. …
BFDD_WRITE_ERROR
The BFDD_WRITE_ERROR message is reported in the system message file anytime the Bidirectional Forwarding Detection daemon (BFDD) is shut down abruptly during a session. This is an informational level message. The problem related to this syslog message is described in the following sections: A pipe is a unidirectional, stream communication abstraction. One process writes to …