Juniper SRX challenges


klui (Well-Known Member, Feb 3, 2019)
I've been a fan of Juniper network gear ever since I helped a friend with their Netscreen 25 over 15 years ago. It was my first exposure to enterprise-grade firewalls and while the learning curve was a bit higher the things I learned allowed me to deploy an SSG-5 at home and it was rock solid for close to a decade.

It was natural that I migrate to SRX branch devices, and the SRX240H-POE fit the bill. Having lightly tinkered with it on and off, I didn't deploy it until late last year when we upgraded our home connection to fiber. There were some quirks that I experienced which didn't make sense: DHCP leases didn't renew on some devices, bindings didn't show up for a certain device, ntp couldn't associate through the WAN, and some policies wouldn't work if defined independently but only when combined within a stanza. Last week I discovered my 240 at home had become unstable and something caused named to SIGHUP, and sometimes that stops routing: lots of

named[nnnn]: host unreachable resolving ....

At times it would route again after a couple of seconds, other times after many hours. Other than logs from named, there were no other alarms or entries in the log.

I replaced it with a spare running an installer-hacked version of JunOS 12.3X48 (newer versions are not supported on the H/B2; only 12.1X46 is supported). This was an experiment I did a while ago, and I decided to see if it fixed the routing problem. Not only was my home connection stable again, some of the quirks disappeared: DHCP leases and bindings.

I've read that folks on Juniper's support forums, /r/Juniper, and /r/networking have experienced issues, that they were bugs in the firmware, and that the common recommendation is to go with JTAC-recommended versions and never new releases. Those were not esoteric issues but things that are common. Things like a configuration that won't work, but if you were to delete the entire stanza and build it from scratch it would work. I've run into a few of those bugs on the SSG platform but nowhere near what I've experienced with my SRX.

Hopefully all my issues were caused by old/failing hardware (the risk of buying 2nd-hand), because if I didn't have this history with Juniper I would have given up and used something else. Besides the SSG-5s I still have an SSG-140 and an SSG-320M, but the platform is EoL. Side note: I tried to run OPNsense on the 320M, but the kernel causes a panic, along with a watchdog that reboots the device if it's not serviced, and full fan mode. Besides, what's not to like about JunOS configuration and operational methodology? They are quite elegant, but the dual partition is something that I don't like.

Guess I'm just venting. :)