Aldur wrote: » Ouch, man that does sound painful. Have you by chance been working with JTAC on the SRX problems that you've had?
msteinhilber wrote: » I've only spoke to them once unfortunately, regarding an unrelated issue with VPN's dropping at random from within hours to days time and requiring a reboot to bring them back up. And with the same tunnels taking 40-60 seconds or so each to come up. Didn't get anywhere with JTAC at that time partly due to my schedule not being very accommodating to spend an hour or two away from other work but corrected that with an alternate firmware version other than the current version recommended by JTAC. I'm a bit more free timewise to invest time with trying to correct the issue and I'm working towards that now. I was able to convince our provider to supply me with another couple /30's over our fiber to allow me to stick the SRX right at our handoff to be able to work on testing while our existing ASA5510 is completely out of the equation. Unfortunately, the SRX doesn't run into the same issues in that environment be it due to the lighter load or whatever it may be. So any troubleshooting I do on my own or with JTAC has to be at minimum after 9PM and before 6AM the following morning and still requires downtime for our e-mail if it stops passing traffic like it has been doing since our network relies on a single connection though I'm fighting to get at least a DSL line for backup. Not sure if I'm just trying to do too much with the SRX240-H or what. I've had advanced features we licensed (IPS/UTM) disabled for the time being after it stopped passing traffic the morning after my first time deploying it (was passing traffic as intended that evening). All in all once it's finally operating as intended it will have ~45 VPN tunnels up, and sitting between our 25mbps fiber and a couple of T1's linking our former corporate office building to our current. All in all, a pretty minimal amount of traffic flowing through - typically no more than 12mbps through the firewall as seen on our ASA at the moment. So I'm pretty sure I'm not trying to do more than intended with the product Anyways, I don't mean to hijack hoogen's thread I've got all of next week's evenings open since it's not my week with my son, so I'll see what kind of progress I can make on my own and with JTAC and hopefully get this guy running strong. The SRX100's I've setup at our remote branches so far have all been working flawless thus far, just looking forward to getting our 240 running so I can let it do it's thing for a month or so and trade-in our ASA5510 once I'm confident with the SRX240 and use the credit from the ASA toward another SRX240 to cluster - though I'll have to do some reading up there since I remember reading some issues with or limitations in some Junos versions with UTM and or IPS being disabled or not working correctly in active/active cluster configurations. Anyways... congrats again hoogen, sorry to hijack!
