A bunch of Juniper SRX300 firewalls dumped cheap

747builder

Active Member
Dec 17, 2017
103
51
28
I got in the previous owner changed baud rate to highest one. The box boots in bussybox how i recover it
I see this on boot
** File not found vmlinuxtrident_diag_v0.1.0.26.64 **
## No elf image at address 0x20000000
post the full console output from the time you turn on the SRX
 
  • Like
Reactions: Samir

tritron

Member
Jan 15, 2020
59
23
8
I get Device nor0 not found!

SF: Detected MX25L6433F with page size 256 Bytes, erase size 4 KiB, total 8 MiB


autoload=n
baudrate=115200
bf=bootoct $(flash_unused_addr) forceboot numcores=$(numcores)
boardname=evb7000
boot.current=alternate
bootcmd=run linux_exte;run linux_ext2;run linux_usb
bootdelay=5
burn_app=erase $(flash_unused_addr) +$(filesize);cp.b $(fileaddr) $(flash_unused_addr) $(filesize)
cp_hwddr=fatload usb 0 $(loadaddr) hw-ddr2;fatwrite usb 1 $(loadaddr) hw-ddr2 $(filesize)
cp_linux=usb start;fatload usb 0 $(loadaddr) vmlinux$(linux_version).64;fatwrite usb 1 $(loadaddr) vmlinux$(linux_version).64 $(filesize)
ddr_burn_test=usb start;fatload usb 0 $(loadaddr) hw-ddr2;bootoct $(loadaddr)
dram_size_mbytes=4096
env_addr=7c0000
env_size=2000
eth1addr=02:05:55:e5:73:01
ethact=octrgmii0
ethaddr=02:05:55:e5:73:00
ethprime=octrgmii0
fdtaddr=80000
flash_base_addr=1f400000
flash_size=800000
gatewayip=192.168.1.2
ipaddr=192.168.1.1
linux_ext2=mw.b 0x1d020003 0x4d;usb start;ext4load usb 1 $(loadaddr) vmlinux$(linux_version).64;bootoctlinux $(loadaddr) mem=3584M coremask=f
linux_exte=mw.b 0x1d020003 0x4d;usb start;ext4load usb 0 $(loadaddr) vmlinux$(linux_version).64;bootoctlinux $(loadaddr) mem=3584M coremask=f
linux_mmc=fatload mmc 0 $(loadaddr) vmlinux.64;bootoctlinux $(loadaddr)
linux_usb=mw.b 0x1d020003 0x4d;usb start;fatload usb 0 $(loadaddr) vmlinux$(linux_version).64;bootoctlinux $(loadaddr) mem=3584M coremask=f
linux_usb2=usb start;fatload usb 1 $(loadaddr) vmlinux$(linux_version).64;bootoctlinux $(loadaddr) mem=3584M coremask=f
linux_usbe=usb start;fatload usb 0 $(loadaddr) vmlinux$(linux_version).64;bootoctlinux $(loadaddr) mem=3584M coremask=f
linux_version=trident_diag_v0.1.0.26
loadaddr=0x20000000
ls=fatls mmc 0
m=md 0x1f400000
md5=md5sum $(fileaddr) $(filesize)
mtdids=nor0=octeon_nor0,nand0=octeon_nand0
netmask=255.255.255.0
numcores=4
numcoreshex=0x4
octeon_failsafe_mode=1
octeon_ram_mode=1
stderr=serial
stdin=serial,pci,bootcmd
stdout=serial
update_sf_all=loady;sf probe;sf update $(loadaddr) 0x0 $(filesize)
update_sf_stg2=loady;sf probe;sf update $(loadaddr) 0x10000 $(filesize);sf update $(loadaddr) 0x80000 $(filesize)
update_sf_stg3=loady;sf probe;sf update $(loadaddr) 0x100000 $(filesize);sf update $(loadaddr) 0x280000 $(filesize)
ver=U-Boot 2013.07 ACCTON Version 0.1.0.12 (Build time: Sep 15 2017 - 14:27:14)

Environment size: 2381/8188 bytes
 

tritron

Member
Jan 15, 2020
59
23
8
Environment size: 2356/8188 bytes
Octeon evb7000(ram)# resetSPI stage 1 bootloader
SPI ID: c2:20:17:c2:20
header found at offset 0x1f40
Image 1.2: address: 0xffffffff81000000, header length: 192, data length: 8608
Validating data...
Starting next bootloader at 0xffffffff81000000
SPI stage 1.5 bootloader
SPI ID: c2:20:17:c2:20
Header 1 found at offset 0x10000
Header 2 found at offset 0x80000
Header 3 found at offset 0x100000
Found bootloaders, booting bootloader 2 of 3 at offset 0x80000.
Starting next bootloader at 0xffffffff81000000
Board type: EVB7000

U-Boot 2013.07 ACCTON Version 0.1.0.12 (Build time: Sep 15 2017 - 14:26:10)

Octeon unique ID: 0a8000104019f31e04c1
Found DDR configuration for EVB7000
Cavium Inc. OCTEON SDK version 3.1.2-p11, build 600: $Revision: 162698 $
EARLY FILL COUNT : 22, cpu_hertz:1600000000, ddr_hertz:667000000
LMC0 Asserting DDR_RESET_L
DDR Reference Hertz = 50000000
clkr: 0, en[5]: 6, clkf: 79, pll_MHz: 4000, ddr_hertz: 666666666, error: 333334
clkr: 0, en[2]: 3, clkf: 39, pll_MHz: 2000, ddr_hertz: 666666666, error: 333334
clkr: 1, en[2]: 3, clkf: 79, pll_MHz: 2000, ddr_hertz: 666666666, error: 333334
clkr: 2, en[2]: 3, clkf: 119, pll_MHz: 2000, ddr_hertz: 666666666, error: 333334
clkr: 2, en[1]: 2, clkf: 79, pll_MHz: 1333, ddr_hertz: 666666666, error: 333334
clkr: 0, en[5]: 6, clkf: 79, pll_MHz: 4000, ddr_hertz: 666666666, error: 333334 <==
LMC0 De-asserting DDR_RESET_L
LMC0: Measured DDR clock: 666666654, cpu clock: 1600000000, ddr clocks: 111111339
LMC0: measured speed: 666666654 hz

Initializing node 0 DDR interface 0, DDR Clock 666666654, DDR Reference Clock 50000000, CPUID 0x000d9602
DDR SPD Table:
LMC0 DIMM 0: DDR3 Undefined, ECC chksum: 45462 1.5V
row bits: 16, col bits: 10, bank bits: 3, banks: 8, ranks: 2, dram width: 8, size: 4096 MB
Medium Timebase (MTB) : 125 ps
Minimum Cycle Time (tCKmin) : 1500 ps
Minimum CAS Latency Time (tAAmin) : 13125 ps
Write Recovery Time (tWR) : 15000 ps
Minimum RAS to CAS delay (tRCD) : 13125 ps
Minimum Row Active to Row Active delay (tRRD) : 6000 ps
Minimum Row Precharge Delay (tRP) : 13125 ps
Minimum Active to Precharge (tRAS) : 36000 ps
Minimum Active to Active/Refresh Delay (tRC) : 49125 ps
Minimum Refresh Recovery Delay (tRFC) : 260000 ps
Internal write to read command delay (tWTR) : 7500 ps
Min Internal Rd to Precharge Cmd Delay (tRTP) : 7500 ps
Minimum Four Activate Window Delay (tFAW) : 30000 ps
DDR Clock Rate (tCLK) : 1500 ps
Core Clock Rate (eCLK) : 625 ps
DRAM Interface width: 32 bits +ECC

------ Board Custom Configuration Settings ------
MIN_RTT_NOM_IDX : 1
MAX_RTT_NOM_IDX : 5
MIN_RODT_CTL : 1
MAX_RODT_CTL : 5
MIN_CAS_LATENCY : 0
OFFSET_EN : 1
OFFSET_UDIMM : 2
OFFSET_RDIMM : 2
DDR_RTT_NOM_AUTO : 1
DDR_RODT_CTL_AUTO : 1
RLEVEL_COMP_OFFSET : 0
RLEVEL_COMPUTE : 0
DDR2T_UDIMM : 1
DDR2T_RDIMM : 1
FPRCH2 : 2
PTUNE_OFFSET : 1
NTUNE_OFFSET : -2
-------------------------------------------------
Desired CAS Latency : 9
CAS Latencies supported in DIMM : 5 6 7 8 9
CAS Latency : 9
LMC_SCRAMBLE_CFG0 : 0x0000000000000000
LMC_SCRAMBLE_CFG1 : 0x0000000000000000
LMC_CONFIG : 0x50191d0a2c290086
LMC_CONTROL : 0x000007801f038024
TIMING_PARAMS0 : 0x000064112ccc3400
TIMING_PARAMS1 : 0x0000f2bd34592570
CAS Write Latency CWL, [CSR] : 7, [0x2]
Write recovery for auto precharge WRP, [CSR] : 10, [0x5]
MODEREG_PARAMS0 : 0x0000000000a29002
RTT_NOM 0, 0, 0, 40 ohms : 0,0,0,3
RTT_WR 0, 0, 0, 0 ohms : 0,0,0,0
DIC 40, 40, 40, 40 ohms : 0,0,0,0
MODEREG_PARAMS1 : 0x0000000000000600
MODEREG_PARAMS2 : 0x0000000000000000
LMC_NXM : 0x000000000000550c
WODT_MASK : 0x0000000000000101
RODT_MASK : 0x0000000000000000
DYN_RTT_NOM_MASK : 0x00
DQX_CTL : 4, 34 ohms
CK_CTL : 4, 34 ohms
CMD_CTL : 4, 34 ohms
CONTROL_CTL : 4, 34 ohms
COMP_CTL2 : 0x0001271a00034444
PHY_CTL : 0x0000001200000000
PHY_CTL : 0x0000001200200000
Read ODT_CTL : 0x3 (40 ohms)
EXT_CONFIG : 0x00000000000c0001
Performing Write-Leveling
MODE32B : 1
Rank(0) Wlevel Debug Results : 00000 00000 00000 00000 000f0 000f0 00078 0001e 0000f
Rank(0) Wlevel Rank 0x3, 0x0000600000420800 : 0 0 0 0 4 4 2 0 0
Rank(1) Wlevel Debug Results : 00000 00000 00000 00000 000f0 00070 0003c 0001e 0000f
Rank(1) Wlevel Rank 0x3, 0x0000600000420800 : 0 0 0 0 4 4 2 0 0
MODE32B : 1
Waiting 159448 usecs for ZQCS calibrations to start
Performing Read-Leveling
RLEVEL_CTL : 0x00000000553c3f20
RLEVEL_OFFSET : 2
RLEVEL_OFFSET_EN : 1

RTT_NOM 0, 0, 0, 40 ohms : 0,0,0,3
Read ODT_CTL : 0x5 (120 ohms)
Rank(0) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f8 001ff 000ff 000fe
Rank(0) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (30)
Rank(1) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001fe 000ff 000fe
Rank(1) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (25)
Read ODT_CTL : 0x4 (60 ohms)
Rank(0) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 007f0 005f0 001fe 000fd 000fe
Rank(0) Rlevel Rank 0x3, 0x00C5145148186145 : 5 5 5 5 8 6 6 5 5 (47)
Rank(1) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001ff 000fd 000fe
Rank(1) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (31)
Read ODT_CTL : 0x3 (40 ohms)
Rank(0) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001ff 000ff 000fe
Rank(0) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (30)
Rank(1) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001fc 000ff 000ff
Rank(1) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (25)
Read ODT_CTL : 0x2 (30 ohms)
Rank(0) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001ff 000ff 000fd
Rank(0) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (36)
Rank(1) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 001f0 001ff 000ff 000fe
Rank(1) Rlevel Rank 0x3, 0x00C5145147186145 : 5 5 5 5 7 6 6 5 5 (30)
Read ODT_CTL : 0x1 (20 ohms)
Rank(0) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 00ff0 01fff 000ff 000fe
Rank(0) Rlevel Rank 0x3, 0x00C514514724A145 : 5 5 5 5 7 9 10 5 5 (200)
Rank(1) Rlevel Debug Test Results 8:0 : 00000 00000 00000 00000 003f0 00ff0 01fff 000ff 000fc
Rank(1) Rlevel Rank 0x3, 0x00C514514724A145 : 5 5 5 5 7 9 10 5 5 (195)
Evaluating Read-Leveling Scoreboard.
RTT_NOM 0, 0, 0, 40 ohms : 0,0,0,3
RTT_WR 0, 0, 0, 0 ohms : 0,0,0,0
DIC 40, 40, 40, 40 ohms : 0,0,0,0
Read ODT_CTL : 0x5 (120 ohms)
Rank(0) Rlevel Rank 0x1, 0x0045145147186145 : 5 5 5 5 7 6 6 5 5 (30)
Rank(1) Rlevel Rank 0x1, 0x0045145147186145 : 5 5 5 5 7 6 6 5 5 (25)
DDR2T : 1
Performing software Write-Leveling
Rank(0) Wlevel Rank 0x1, 0x0000200000C62908 : 0(e) 0(e) 0(e) 0(e) 12 12 10 8 8
Rank(1) Wlevel Rank 0x1, 0x0000200000C62908 : 0(e) 0(e) 0(e) 0(e) 12 12 10 8 8
MODE32B : 1
LMC_INT : 0x00000000
N0.LMC0 Configuration Completed: 4096 MB
LMC Initialization complete. Total DRAM 4096 MB
Warning: Board descriptor tuple not found in eeprom, using defaults
EVB7000 board revision major:1, minor:0, serial #: unknown
OCTEON CN7130-AAP pass 1.2, Core clock: 1600 MHz, IO clock: 600 MHz, DDR clock: 667 MHz (1334 Mhz DDR)
Base DRAM address used by u-boot: 0x10fc00000, size: 0x400000
DRAM: 4 GiB
Clearing DRAM...... done
Hit any key to stop autoboot: 0
SF: Detected MX25L6433F with page size 256 Bytes, erase size 4 KiB, total 8 MiB
Found valid SPI bootloader at offset: 0x100000, size: 1596304 bytes
Loading bootloader from SPI offset 0x100000, size: 1596304 bytes
Warning: chips select 0 property cavium,t-wait, clocks 181, clock time 300, period 1666, mult: 1 exceeds maximum value 63, truncating.
Warning: chips select 1 property cavium,t-wait, clocks 181, clock time 300, period 1666, mult: 1 exceeds maximum value 63, truncating.
Warning: rd_delay 7 exceeds page time value 23 * multiplier 8
or rd_delay 7 exceeds read hold time 0 * multiplier 8
for chip select 1


U-Boot 2013.07 ACCTON Version 0.1.0.12 (Build time: Sep 15 2017 - 14:27:14)

Octeon unique ID: 0a8000104019f31e04c1
Using DRAM size from environment: 4096 MBytes
LMC0: Measured DDR clock: 666666211, cpu clock: 1600000000, ddr clocks: 111111373
SATA0: available
SATA BIST STATUS = 0x0
EVB7000 board revision major:1, minor:0, serial #:
OCTEON CN7130-AAP pass 1.2, Core clock: 1600 MHz, IO clock: 600 MHz, DDR clock: 667 MHz (1334 Mhz DDR)
Base DRAM address used by u-boot: 0x10f000000, size: 0x1000000
DRAM: 4 GiB
Clearing DRAM...... done
SF: Detected MX25L6433F with page size 256 Bytes, erase size 4 KiB, total 8 MiB
Flash: 0 Bytes
PCIe: Port 0 link active, 1 lanes, speed gen2
PCI console init succeeded, 1 consoles, 1024 bytes each
port 1 is not capable of FBS
port 1 is not capable of FBS
SATA#0
Net: octeon_eth_get_phy_info: Unknown PHY compatible string broadcom
octeth0, octrgmii0 [PRIME]
octeon_board_phy_init: Unknown PHY type broadcom for octrgmii0
Node 0 Interface 0 has 1 ports (RXAUI)
Node 0 Interface 2 has 4 ports (NPI)
Node 0 Interface 3 has 4 ports (LOOP)
Node 0 Interface 4 has 1 ports (AGL)
Type the command 'usb start' to scan for USB storage devices.

post boot function...
SPI boot index : 1
reset phy on CPLD!! ...
Hit any key to stop autoboot: 0
 

747builder

Active Member
Dec 17, 2017
103
51
28
Read the link a page back on how to get in U-boot and how to prepare the USB stick and how to install it.
 

tritron

Member
Jan 15, 2020
59
23
8
I can get in uboot I wonder why I get an error message nvr0 not found I see that is detected.

SF: Detected MX25L6433F with page size 256 Bytes, erase size 4 KiB, total 8 MiB
is my enviroment missconfigured I tried to install loader but nvr0 not found is holding me back
Looks like my cinfig is mtdids=nor0=octeon_nor0,nand0=octeon_nand0
 

frogtech

Well-Known Member
Jan 4, 2016
1,346
209
63
32
I'm circling back around to this and still awfully confused by the licensing that you can buy. It's clear that there's the JSB and JSE licenses. But are they yearly or perpetual?

Is there a difference between hardware support, tech support, and software support in terms of entitlements and buying access to those?

I'll just state that what I want is access to software downloads and I guess just a base license. But is there a cheap way to fully and legally license to play with every feature on demand?

Seems like juniper care plus JSB is the starting point for base usage?
 

Navy_BOFH

Active Member
Aug 2, 2013
149
59
28
I'll just state that what I want is access to software downloads and I guess just a base license. But is there a cheap way to fully and legally license to play with every feature on demand?
Looking at Juniper TAC - the latest recommended version of JunOS for the SRX series is still 18.4-R3 which was linked in one of the previous posts here and I can likely upload again if needed. I just took mine off the shelf to upgrade and start looking into it myself.

As for the licensing - I am interested in knowing that as well just for peace of mind - I am looking into the Juniper series because I only have background in Fortinet and Cisco products and licensing which is... pricy... depending on what the customer is wanting.
 

oddball

Active Member
May 18, 2018
172
57
28
39
I'm circling back around to this and still awfully confused by the licensing that you can buy. It's clear that there's the JSB and JSE licenses. But are they yearly or perpetual?

Is there a difference between hardware support, tech support, and software support in terms of entitlements and buying access to those?

I'll just state that what I want is access to software downloads and I guess just a base license. But is there a cheap way to fully and legally license to play with every feature on demand?

Seems like juniper care plus JSB is the starting point for base usage?
Ok, I have a handful of these...licensed etc.

Here is the absolute cheapest way to get these legal.

The JSB-L, JSB, JSE are all perpetual licenses. The JSB-L is limited to 200Mbps, BUT...when you purchase the license there is nothing to be installed on the router itself. So no effective limiter.

You can buy JSB-L support for cheap. I think I paid $140 for 5yrs of support? You can apply this to a second hand router.

Purchase the JSB-L license ($144 and then support which is $32/yr or $140 for five years) through a reseller like CDW. They don't ask the serial of the device you're purchasing for.

Once you're given the entitlement log into your Juniper account and activate it with the link you're given. You'll have to put in the serial, but it really doesn't care as long as it's a valid serial. From there you have full access to downloads for the term of your support.

I have a number of devices (SRX300/SRX345/pool of NFX250's/EX4300s) and in most cases what shows up in my support portal is the licensed software, not the underlying device (even though it's registered to me).

You can call in with support questions as well. Obviously they won't replace the hardware, but that's the point of purchasing it cheaply online.

You now have a licensed version and legal access to the software.
 
  • Like
Reactions: frogtech

oddball

Active Member
May 18, 2018
172
57
28
39
Ok, I have a handful of these...licensed etc.

Here is the absolute cheapest way to get these legal.

The JSB-L, JSB, JSE are all perpetual licenses. The JSB-L is limited to 200Mbps, BUT...when you purchase the license there is nothing to be installed on the router itself. So no effective limiter.

You can buy JSB-L support for cheap. I think I paid $140 for 5yrs of support? You can apply this to a second hand router.

Purchase the JSB-L license ($144 and then support which is $32/yr or $140 for five years) through a reseller like CDW. They don't ask the serial of the device you're purchasing for.

Once you're given the entitlement log into your Juniper account and activate it with the link you're given. You'll have to put in the serial, but it really doesn't care as long as it's a valid serial. From there you have full access to downloads for the term of your support.

I have a number of devices (SRX300/SRX345/pool of NFX250's/EX4300s) and in most cases what shows up in my support portal is the licensed software, not the underlying device (even though it's registered to me).

You can call in with support questions as well. Obviously they won't replace the hardware, but that's the point of purchasing it cheaply online.

You now have a licensed version and legal access to the software.
Here are the actual links:

Core care for the JSB-L software: Juniper Care Core - technical support - 5 years - SVC-COR-SRX300JSBL-5YR - Warranties - 3rd Party - CDW.com (5yr)
Single year: Juniper Care Core - technical support - 1 year - SVC-COR-SRX320JSBL - Warranties - 3rd Party - CDW.com

The JSB-L license: Juniper Networks Secure Branch - license - 1 gateway, up to 200 Mbps - SRX300-JSB-L - Firewall Software - CDW.com
 
  • Like
Reactions: klui

oddball

Active Member
May 18, 2018
172
57
28
39
The only caveat here, your company name at CDW needs to match your company name at Juniper.

If you don't have a company? Maybe create a DBA for a sole proprietorship, in my state it costs $75, then you can use this name and your address everywhere. No need to incorporate or anything.
 
  • Like
Reactions: klui

frogtech

Well-Known Member
Jan 4, 2016
1,346
209
63
32

oddball

Active Member
May 18, 2018
172
57
28
39
Is the JSE license exponentially more expensive? And you need to buy a 'license' per device you have on hand I assume?
You are supposed to have a license per device. But for home use it probably doesn’t matter. The license isn’t connected to the device at all, it’s honor based.

You can have a floating license if you want to have a hot spare in production.

The JSE includes some app firewalling features plus a few other things like AppQoS. You can run these features unlicensed if you want.

I believe the higher license levels also give you more than three virtual routers. That’s the default. So if you need a ton of VRF’s you’d need a higher level.