2022. 12. 20. 12:58 WorkHolic

WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE / JUNIPER / 주니퍼

728x90
반응형

WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE

August 14, 2018
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 09:58:18 2018 from 83.244.171.242
— JUNOS 15.1X49-D45 built 2016-04-25 07:29:58 UTC
***********************************************************************
** **
** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE **
** **
** It is possible that the primary copy of JUNOS failed to boot up **
** properly, and so this device has booted from the backup copy. **
** **
** Please re-install JUNOS to recover the primary copy in case **
** it has been corrupted and if auto-snapshot feature is not **
** enabled. **
** **
***********************************************************************
root@FW01-SHIRAJ-SRX% cli
shroot@FW01-SHIRAJ-SRX> show chassis alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root <– This is where its booted from
root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a) <– This is the partitions name
Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M
root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Nov 20 22:15:26 2016
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– This is the version it was on before the crash
root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– Copy the working partition to crashed partition
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /
root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s2a
Backup Partition: da0s1a
Currently booted from: backup (da0s1a)
Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M
root@FW01-SHIRAJ-SRX> show system alarms
1 alarms currently active
Alarm time Class Description
2018-06-28 12:48:36 GMT Minor Host 0 Boot from backup root
root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 1
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check the partion have same version on slice 1 and slice 2
root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (backup)
Creation date: Jun 28 12:44:56 2018
Information for snapshot on internal (/dev/da0s2a) (primary)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– once copied check version is same
root@FW01-SHIRAJ-SRX>
root@FW01-SHIRAJ-SRX> request system reboot media internal
Reboot the system ? [yes,no] (no) yes
Shutdown NOW!
[pid 9183]
root@FW01-SHIRAJ-SRX>
*** FINAL System shutdown message from root@FW01-SHIRAJ-SRX ***
System going down IMMEDIATELY



TO UPDATE THE VERSION

root@FW01-SHIRAJ-SRX> request system software add no-copy no-validate /var/tmp/junos-srxsme-15.1X49-D60.7-domestic.tgz reboot <– update the software verion
root@FW01-SHIRAJ-SRX>
login as: root
Using keyboard-interactive authentication.
Password:
Last login: Fri Jun 29 11:10:42 2018 from 81.103.90.67
— JUNOS 15.1X49-D60.7 built 2016-09-13 22:27:47 UTC
root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX%
root@FW01-SHIRAJ-SRX> show system storage partitions
Boot Media: internal (da0)
Active Partition: da0s1a
Backup Partition: da0s2a
Currently booted from: active (da0s1a)
Partitions information:
Partition Size Mountpoint
s1a 2.4G /
s2a 2.4G altroot
s3e 185M /config
s3f 2.1G /var
s4a 224M recovery
s4e 15M
root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic <– check the backup partion have same version as primary
root@FW01-SHIRAJ-SRX> show system snapshot media internal slice 2
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 10:57:23 2018
JUNOS version on snapshot:
junos : 15.1X49-D45-domestic
root@FW01-SHIRAJ-SRX> request system snapshot media internal slice alternate <– copy the primary partition to backup
Formatting alternate root (/dev/da0s2a)…
Copying ‘/dev/da0s1a’ to ‘/dev/da0s2a’ .. (this may take a few minutes)
The following filesystems were SHIRAJhived: /
root@FW01-SHIRAJ-SRX> show system snapshot media internal
Information for snapshot on internal (/dev/da0s1a) (primary)
Creation date: Jun 29 11:41:10 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version
Information for snapshot on internal (/dev/da0s2a) (backup)
Creation date: Jun 29 11:58:33 2018
JUNOS version on snapshot:
junos : 15.1X49-D60.7-domestic <– check the partition have same version
root@FW01-SHIRAJ-SRX>

 

 

 

https://blog.shiraj.com/2018/08/this-device-has-booted-from-the-backup-junos-image/

 

THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE « Memorise

THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE August 14, 2018 login as: root Using keyboard-interactive authentication. Password: Last login: Fri Jun 29 09:58:18 2018 from 83.244.171.242 — JUNOS 15.1X49-D45 built 2016-04-25 07:29:58 UTC ************

blog.shiraj.com

 

#Firewall #Juniper #SRX

728x90
SMALL

'WorkHolic' 카테고리의 다른 글

Syncthing: 실시간 파일 동기화 프로그램 (NAS간 동기화 검토)  (0) 2023.01.09
root login이 금지된 ssh 서버에 root로 sftp 사용하기  (0) 2022.12.26
SMTP 테스트(bash and telnet to test an email)  (2) 2022.12.17
POP3 접속 테스트 (BASH check POP3 mail with telnet)  (0) 2022.12.17
PHP SQL Injection 방지 처리 코드  (4) 2022.11.30
Posted by gromet

2022. 6. 24. 13:12 WorkHolic

주니퍼 SRX 포트포워딩 수정

728x90
반응형

기존에 주니퍼 외부 아이피의 80, 443 포트를 내부 서버로 포트포워딩 하고 있었다.

 

[edit]
root@SRX340# show security nat destination
pool 192_168_2_2_443 {
    address 192.168.2.2/32 port 443;
}
pool 192_168_2_2_80 {
    address 192.168.2.2/32 port 80;
}
rule-set nsw_destnat {
    from zone Internet;
    rule 0_Web_Server--DMZ_443 {
        match {
            source-address 0.0.0.0/0;
            destination-address 0.0.0.0/0;
            destination-port {
                443;
            }
        }
        then {
            destination-nat {
                pool {
                    192_168_2_2_443;
                }
            }
        }
    }
    rule 0_Web_Server--DMZ_80 {
        match {
            source-address 0.0.0.0/0;
            destination-address 0.0.0.0/0;
            destination-port {
                80;
            }
        }
        then {
            destination-nat {
                pool {
                    192_168_2_2_80;
                }
            }
        }
    }
}

 

이것을

80->81

443-> 444

로 변경하였다.

 

방법을 얘기하자면 변경하려고 하는 포트를 set 명령으로 추가하고 기존 포트를 delete 명령으로 삭제해 주면된다.

 



root@SRX340> edit
Entering configuration mode
The configuration has been changed but not committed

root@SRX340> configure
Entering configuration mode
The configuration has been changed but not committed

root@SRX340# edit security nat destination
root@SRX340# set rule-set nsw_destnat rule 0_Web_Server--DMZ_443 match destination-port 444

[edit security nat destination]
root@SRX340# delete rule-set nsw_destnat rule 0_Web_Server--DMZ_443 match destination-port 443

[edit security nat destination]
root@SRX340# set rule-set nsw_destnat rule 0_Web_Server--DMZ_80 match destination-port 81

[edit security nat destination]
root@SRX340# delete rule-set nsw_destnat rule 0_Web_Server--DMZ_80 match destination-port 80

[edit security nat destination]
root@SRX340# commit check
configuration check succeeds

[edit security nat destination]
root@SRX340# commit
commit complete

[edit security nat destination]
root@SRX340# exit

 

#주니퍼 #포트포워딩 #환경설정수정 #Juniper #PortForwarding #SRX340

728x90
SMALL

'WorkHolic' 카테고리의 다른 글

[리눅스] ls로 디렉토리 목록만 보는 몇가지 방법  (0) 2022.07.12
ESXi 7.0 VMFSL 파티션 용량 문제  (0) 2022.06.24
주니퍼 SRX 관리페이지(J-Web) 접속 문제  (0) 2022.06.24
Juniper SRX DHCP 재설정  (0) 2022.06.14
HP DL380p Gen8 iLO4 firmware update (Linux)  (0) 2022.04.28
Posted by gromet

2022. 6. 24. 13:02 WorkHolic

주니퍼 SRX 관리페이지(J-Web) 접속 문제

728x90
반응형

After upgrading to 10.2R3 and 10.3R1 or later releases, J-Web access may not work if that interface is also terminating an IPSec VPN&nbsp;tunnel.

 

주니퍼 관리 페이지에 접속하려고 했더니 로그인 페이지가 아니라 Pulse Client 안내 페이지가 나온다.

확인해 보니 IPSec VPN이 활성화 되어 있으면 모든 http/https 접속이 Dynamic VPN 페이지로 연결된다고 한다.

그동안 여러 대의 주니퍼를 세팅했지만 이번에 처음 봤는데, 그동안에는 VPN을 활성화하지 않아서 였던 것 같다.

 

 

Interfaces terminating an IPSec tunnel will redirect all HTTP and HTTPS requests to the Dynamic VPN domain.
Example:https:// <srx-domain-or-ip> /dynamic-vpn

 

해결 방법은 관리자 페이지 URL을 환경설정에 등록해 주면 된다.

 

 

In order to allow J-Web management on an interface which is terminating an IPSec VPN, you must configure management-url for J-Web access:

set system services web-management management-url <path>

For example, with the following configuration:
[edit system services]
lab@SRX210-poe.hk# show
web-management { 
    management-url admin; <=== Configuration added here.   
        http;   
        https { 
    system-generated-certificate; 
    }
}

J-Web management would require administrator to browse to:
http://x.x.x.x/admin
or
https://x.x.x.x/admin
(Where x.x.x.x is the interface IP address.)

 

 

URL을 admin으로 설정해 주고 접속하니 접속이 잘 된다.

 

 

 

 

[참고URL]

https://supportportal.juniper.net/s/article/Not-able-to-access-J-Web-management-on-SRX-Branch-after-upgrading-to-recent-JUNOS-10-2-and-later-releases?language=en_US 

 

Not able to access J-Web management on SRX-Branch after upgrading to recent JUNOS 10.2 and later releases.

×Sorry to interrupt This page has an error. You might just need to refresh it. [LWC component's @wire target property or method threw an error during value provisioning. Original error: [Cannot read properties of undefined (reading 'ContentDocumentId')]]

supportportal.juniper.net

 

#Juniper #SRX #SRX340 #J-Web #Management #주니퍼 #관리자페이지

 

728x90
SMALL

'WorkHolic' 카테고리의 다른 글

ESXi 7.0 VMFSL 파티션 용량 문제  (0) 2022.06.24
주니퍼 SRX 포트포워딩 수정  (0) 2022.06.24
Juniper SRX DHCP 재설정  (0) 2022.06.14
HP DL380p Gen8 iLO4 firmware update (Linux)  (0) 2022.04.28
HPE DL380 G10, DL360 G10 서버 세팅 중  (0) 2022.04.16
Posted by gromet
이전버튼 1 이전버튼
블로그 이미지
나는 운이 좋은 사람이다 나는 나날이 점점 더 좋아진다 내가 하는 선택과 행동은 반드시 성공으로 이어진다 내게는 인내력과 지속력이 있다 네게는 좋은것들만 모여든다
gromet

공지사항

Yesterday
Today
Total
반응형

달력

 « |  » 2024.11
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

최근에 올라온 글

최근에 달린 댓글

최근에 받은 트랙백

글 보관함

160x600

티스토리툴바