An error is reported on the SRX device after attempting to load a license key for Sky Advanced Threat Prevention. When attempting to load a Sky ATP premium subscription license key on an SRX device, an error occurs: terminal:1 error: JUNOS7nnnnn: license not valid for this product add license failed (1 errors) Although a license key is produced when you register your … [Read more...]
Understanding the source-identity based policy in SRX
This article provides information about the new feature - source-identity based policy in SRX. Information about the new feature - source-identity based policy in SRX. From Junos 12.1 on SRX, Juniper Networks supports user role based firewall security policies, which will let you classify traffic based on the roles, to which a user is assigned. With this policy being … [Read more...]
Error when generating subscription licenses for SRX
This article describes the issue of the failure to register subscriptions for SRX through the Subscription-Registration System. The following error message is displayed: 'Error: An unknown error has occurred. Please contact Juniper Customer Care ..'. I recently purchased SRX650 subscriptions for Web Filtering, Anti-Virus, and IDP updates; but when I try to register the … [Read more...]
RTLOGD_LOG_BIND_ERROR
The RTLOGD_LOG_BIND_ERROR message is reported into the system message file whenever the J-series Services Router (JSR) log daemon fails to bind to the JSR log forwarder. This article documents an approach to troubleshoot this problem. This message is generated by the system log utility for real-time processing of packets for security control (rtlogd) on routers running the … [Read more...]
JSRPD_DAEMONIZE_FAILED
The Juniper Services Redundancy Protocol process (jsrpd), which controls chassis clustering, could not create a version of itself to run in the background as a daemon. Chassis clustering is only supported on J-series and SRX devices. The problem related to this syslog message is described in the following sections: The JSRPD_DAEMONIZE_FAILED message is logged each time … [Read more...]
High CPU occurs in all FPC when datapath debug is enabled
On an SRX1K/3K, despite CPU in both SPU and RE is low, High CPU in 'show chassis fpc' is observed when datapath debug is enabled. On an SRX1K/3K device, low CPU is seen in both SPU and RE. However, when datapath debug is enabled, the CPU in ‘show chassis fpc’ is high. In the following example, 100% CPU is seen in all FPC: Note: Slot 7 and 8 is SPC SRX3600.HK> show … [Read more...]
How to resolve commit issues due to configuration lock on SRX clusters managed by JUNOS Space
Resolve commit issues due to configuration lock on SRX clusters managed by JUNOS Space. On SRX clusters that are managed using JUNOS Space, users may encounter an issue where any configuration changes fail at commit with an error similar to the following: user@fw01# commit node0: node1: error: configuration database locked by: root terminal (pid 2144) on since … [Read more...]
Show version command output shows wrong model
This article describes how to obtain the correct SRX model information after the show version command output has shown the wrong SRX model number or even a completely different model (such as the M40). On an SRX, the output of the show version command shows the following incorrect model (M40, instead of SRX): > show version Hostname: HCT-CS-FW-01 Model: M40 < … [Read more...]
Understanding Persistent NAT behavior and its different types
This article illustrates the behavior of Persistent NAT (formerly Cone NAT) and describes different types of Persistent NAT available on SRX devices. Persistent NAT is a special type of Source NAT. As with a usual Source NAT, this feature creates a NAT binding for a particular combination of internal IP address and port (called internal transport address). All the traffic … [Read more...]
WEBFILTER_REQUEST_NOT_CHECKED
The WEBFILTER_REQUEST_NOT_CHECKED message is reported into the system message file whenever the webfilter (integrated web filtering) process failed to check a web request. This article documents an approach to troubleshoot this problem. Integrated web filtering is currently only supported on J-Series and SRX devices. The problem related to this syslog message is described … [Read more...]