Sunday, 24 March 2013

Junos : J-Web experience

I have had a terrible user experience working with the SRX 210H through the Web GUI interface. In summary, I wouldn't recommend it to anyone if you are not familiar with managing it via CLI. The Web GUI management interface is the worst one I have ever come across. Simply put - I wouldn't let it pass the QA if I was the QA manager of the Web GUI management interface development. The overall experience with using the Web GUI is below "acceptable".

Below are some of the glaring points proving its Web GUI is as bad as it could be.
  • The GUI interface is not intuitive enough.
    I was trying to get the basic work done, which includes things like configuring the IP address of the external interface and tightening down the management access. I found that I couldn't complete these simple tasks without consulting help or the user manual, and sometimes even googling on the Internet. A good interface should be self-explanatory and intuitive.

 
  • The "commit" tip is good as well as bad at the same time.
    It is quite helpful when first-time users make configuration changes to the device via the GUI and get reminded by the "commit" tip on the screen that they should commit the configuration changes. The tip is some sort of animation that highlights where to commit changes. However, it is also the very same feature that worsens the user experience because it takes about 3 seconds to complete the animation, and you cannot override or bypass those 3 seconds. It doesn't sound like much, but keep doing it 10 times or more and you will quickly get annoyed by it, as it is effectively slowing you down. In addition, the "commit" option is buried in the "action" menu, which quite often fails to keep the menu options visible when you attempt to move the mouse pointer to the "commit" option. What quite often happens is that the moment you start moving the mouse pointer to where the "commit" option is, the drop-down menu disappears! You will have to go back and click on, or hover your mouse pointer over, the "action" menu again to drop down the menu.

  • The performance of Web GUI is bad.
    I was directly connected to the device from my laptop using a UTP cable, and the response of the GUI is slow as. 

  • There appear to be some bugs in the GUI application.
    The columns ("from" and "to") will swap their position in a dialogue box from time to time. I expect to see that from a beta app but not a production app.

  • Some of the functions don't work from time to time.
    For example, double-clicking an item in order to move it from the "available" column to the "selected" column works 50% of the time, and the arrow buttons to select items work 75% of the time.

Monday, 18 March 2013

Security, Access, and Acceleration Advisories Released

Platforms Affected
  • Junos Pulse
  • ScreenOS 5.x
  • Security
  • ScreenOS 6.x
  • SIRT Security Advisory
  • IVE OS 7.x
  • vGW Series

    Revision Number 7
    Issue Date 2013-03-13

    PSN Issue :
    A new Security, Access, and Acceleration product security advisory bundle has been released. This message contains the link(s) to the new PSN advisories that have been released. In the interest of speeding the delivery process for SIRT Security Announcements, the Juniper SIRT has implemented a small process change. When the Juniper SIRT publishes Security Advisories and/or Security Notices, a single master PSN (this PSN) will be pushed to subscribed customers which briefly lists the IDs, descriptions, and links for all of the individual Security Announcements being released together on that day.


    Solution:
    Please see the following links for more information about the new security advisories:

    1. PSN-2013-03-872: NetScreen Firewall: OpenSSL vulnerability in ScreenOS (CVE-2012-2110)
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-872&viewMode=view

    2. PSN-2013-03-873: Junos Pulse: Android client privilege escalation
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-873&viewMode=view

    3. PSN-2013-03-874: Junos Pulse Secure Access Service (SSL VPN): Multiple cross site scripting issues
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

    4. PSN-2013-03-875: vGW: IPv6 Connection allowed when it should have been rejected by a network object and/or SRX zone.
      http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-875&viewMode=view

    Tuesday, 12 March 2013

    Junos : Supplement to PSN-2012-03-532 - Tx and Rx lockup of the tsec1 controller causes the em0 interface down and all FRUs to go offline on SRX1400, SRX3400 and SRX3600

    Products Affected: SRX1400, SRX3400, SRX3600
    10.4R1-R12, 11.4R1-R6, 12.1R1-R5, 12.1X44-D10 and all the End of Engineering Support versions

    Platforms Affected
  • JUNOS 12.x
  • SRX-series
  • JUNOS 11.x
  • JUNOS 10.x

    Revision Number 1
    Issue Date 2013-03-11

    PSN Issue :
    Previously PSN-2012-03-532 (Tx lockup of the em0 interface causes the em0 interface down and all FRUs to go offline) was announced to provide a solution for the Tx lockup issue on tsec1 (em0) controller, which was applied in Junos OS 10.4R8-R12, 11.1R6, 11.2R3-R7, 11.4R1-R6, 12.1R1-R5 and 12.1X44-D10. However this solution does not resolve other scenarios which cause Tx or Rx lockup issues of the em0 interface related to the communication path for RE to other parts of system:
    • Chassis cluster failover
    • Chassis cluster split brain
    • Severe service impact including restarting of FPCs (applicable to both cluster and single node devices)
    These new related issues are tracked by PR 820210 and more information is available on KB26714 - How to distinguish Tx and Rx lockup status on em0 interface.


    Solution: The following fix/enhancement is included in 10.4S12, 10.4R13, 11.4R6-S2, 11.4R7, 12.1R5-S1, 12.1R6 (scheduled to be released during the 1st week of May 2013) and 12.1X44-D15 (scheduled to be released the 1st week of May 2013).
    Fix: Enhance the Tx and Rx lockup detection logic and once the error conditions are detected, gracefully reset the Tx or Rx lockup status or reset the MAC of the em0 interface. Then reconfigure the MAC to bring the em0 interface back to a normal working condition.


    Note that all the download links of service releases will be removed once all the maintenance releases (e.g., 12.1R6) are posted on the Junos Software download page.

    Service Release Download Links

    Friday, 8 March 2013

    Junos : Collect Juniper SRX Log and Support info

    Here are some steps to collect logs from both SRX nodes and send them to JTAC for analysis.

    1. request support information | save /var/log/rsi.node0.txt

    2. file archive compress source /var/log/* destination /var/tmp/varlog.node0

    3. Repeat on both firewalls, then upload the files to the case.
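
    An added example, not part of the original post: a local pre-upload check, run on the workstation after copying the files off the firewalls, that confirms both nodes' files are present and readable and writes a SHA-256 manifest to attach to the case. The node1 file names, the .tgz suffix on the archive, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-upload check for the files collected from both nodes.
# Assumed layout: rsi.<node>.txt and varlog.<node>.tgz copied into one
# local directory; node1 and the .tgz suffix are assumptions.

# check_node DIR NODE: succeeds if NODE's RSI file and log archive are usable.
check_node() {
    rsi="$1/rsi.$2.txt"
    arc="$1/varlog.$2.tgz"
    [ -s "$rsi" ] || { echo "missing or empty: $rsi" >&2; return 1; }
    [ -s "$arc" ] || { echo "missing or empty: $arc" >&2; return 1; }
    # Listing the archive fails if the gzip stream is truncated or corrupt.
    tar -tzf "$arc" >/dev/null 2>&1 || { echo "corrupt: $arc" >&2; return 1; }
}

# hash_files FILE...: SHA-256 lines, using whichever tool is installed.
hash_files() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$@"
    else shasum -a 256 "$@"; fi
}

# prepare_upload DIR: require both nodes, then write DIR/SHA256SUMS.
prepare_upload() {
    for node in node0 node1; do
        check_node "$1" "$node" || return 1
    done
    ( cd "$1" && hash_files rsi.node0.txt varlog.node0.tgz \
                            rsi.node1.txt varlog.node1.tgz > SHA256SUMS )
}

# make_sample DIR NODE: constructed stand-in files so the check runs offline.
make_sample() {
    printf 'constructed RSI output for %s\n' "$2" > "$1/rsi.$2.txt"
    mkdir -p "$1/log.$2"
    echo 'constructed log line' > "$1/log.$2/messages"
    tar -czf "$1/varlog.$2.tgz" -C "$1" "log.$2"
    rm -r "$1/log.$2"
}

work=$(mktemp -d)
make_sample "$work" node0
prepare_upload "$work" || echo "not ready: collect node1 as well"
make_sample "$work" node1
prepare_upload "$work" && cat "$work/SHA256SUMS"
rm -r "$work"
```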

    Tuesday, 5 March 2013

    Junos : Updated Junos Extended End of Life policy.

    Products Affected: JunosE
    All E-Series routers

    Platforms Affected
  • E-series and ERX Platforms
  • JUNOSe 11-x
  • JUNOSe Software - EOL
  • JUNOSe 10-x
  • JunosE 14.x
  • JunosE 12.x
  • JunosE 13.x

    Revision Number 1
    Issue Date 2013-02-28

    PSN Issue : Juniper is eliminating the End of Engineering (EOE), End of Service (EOS) and End of Life (EOL) dates for JunosE software releases 10.3.x and higher that were previously identified as Extended End of Life versions.

    OVERVIEW:
    In order to provide customers with the highest level of support for JunosE software for E-Series routers, Juniper is
    eliminating the End of Engineering (EOE), End of Service (EOS) and End of Life (EOL) dates for JunosE software
    releases 10.3.x and higher that were previously identified as Extended End of Life versions. This will allow customers to
    deploy and receive support for Extended End of Life JunosE 10.3.x or higher until the underlying E-Series hardware has
    reached End of Life. This new policy will help customers reduce operational expenses related to software upgrades.

    NO END OF LIFE DATES for EXTENDED END of LIFE JunosE RELEASES
    As of February 12, 2013 the Extended End of Life JunosE software releases 10.3.x and higher no longer have EOE, EOS
    and EOL dates. This has immediate impact on the JunosE 10.3.x, 11.3.x, 12.3.x and 13.3.x releases. The EOE, EOS and
    EOL dates for these releases are now marked NOT applicable. See http://www.juniper.net/support/eol/junose.html

    As E-Series routers deployments are reaching maturity stage, customers are not upgrading due to new features but more
    often upgrading due to EOE, EOS and EOL dates. This is causing customers to spend time and resources while testing
    and deploying new software. Juniper is changing its policy to address the needs of E-Series customers.

    This does not have any impact on Standard End of Life releases. For example, JunosE 13.0.x, 13.1.x, 13.2.x are
    Standard End of Life releases and this new policy has no impact on those releases.
    There is no impact to the Policy and Procedures of the JTAC and engineering groups due to this new Policy. The JTAC
    and engineering groups will provide Hotfixes and patches to resolve problems as they have in the past.
    Features found in higher releases will not be back ported to older releases. Customers will be required to upgrade to new
    releases for new features.

    This new End of Life Policy for Extended End of Life JunosE releases 10.3.x and higher has no impact on hardware end of
    life. Hardware EOL is based on calendar dates and is not overridden by this new policy. See
    http://www.juniper.net/support/eol/#documentation and http://www.juniper.net/support/eol/eseries_hw.html for more details
    on Hardware EOL.
    PSN-2013-02-854 © Juniper Networks, Inc.

