[j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
Junos 11.4R1.6 is currently shipping on new EX-series switches. In this release, the CLI program isn't even stable. I've had it crash on me before I can even get as far as to commit a root password. For the EX PMs who may be reading, please change the version that ships on new-in-box units to one that isn't so buggy that it should never have been released. Is it your express goal to make sure customers buying new units understand than many Junos releases are such garbage as to be unusable? To inform us that your Q/A is non-existent? Is there an 11.4R that basically works? Yes. Is there one that JTAC recommends? Yes. Is the currently-shipping version covered by Juniper security vulnerability notices indicated to be serious? Also, yes. Is that supposedly-serious vulnerability fixed in the JTAC-recommended version, which functions better? Again, yes. Why is that not the version that ships on new kit from the distributors? Bad management. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Logging usage on an SRX with UTM
Hey all, Got a customer who is using a small SRX with UTM (Web filtering, AV, AS, IDP), and he wants us to do logging across with the board, but with specific focus on the usage of web traffic. They'd like to know all web urls going through the firewalls, but also very interested in the knock backs from EWF - and who. Is there something that easily does this, or something I'd have to collate via syslog, or some other method? ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd ske...@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco - Cloud ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Logging usage on an SRX with UTM
Haven't You checked the manual? http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/jd0e61552.html#WEBFILTER_URL_PERMITTED http://www.juniper.net/techpubs/en_US/junos12.1/information-products/topic-collections/syslog-messages/jd0e61552.html#WEBFILTER_URL_BLOCKED Regarding and who - the WEBFILTER syslog messages contain only the src.IP, correlation to username is manual at this stage. HTH Thanks Alex - Original Message - From: Skeeve Stevens skeeve+juniper...@eintellegonetworks.com To: juniper-nsp@puck.nether.net Sent: Sunday, June 23, 2013 12:24 PM Subject: [j-nsp] Logging usage on an SRX with UTM Hey all, Got a customer who is using a small SRX with UTM (Web filtering, AV, AS, IDP), and he wants us to do logging across with the board, but with specific focus on the usage of web traffic. They'd like to know all web urls going through the firewalls, but also very interested in the knock backs from EWF - and who. Is there something that easily does this, or something I'd have to collate via syslog, or some other method? ...Skeeve *Skeeve Stevens - *eintellego Networks Pty Ltd ske...@eintellegonetworks.com ; www.eintellegonetworks.com Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellegonetworks ; http://twitter.com/networkceoau linkedin.com/in/skeeve twitter.com/networkceoau ; blog: www.network-ceo.net The Experts Who The Experts Call Juniper - Cisco - Cloud ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
I've never understood this...there are so many complexities going into design of the switches, product development, the junos development, and they can't get the shipping software version right? Seems like such an easy detail. /randomthoughts -Morgan On Sun, Jun 23, 2013 at 1:07 AM, Jeff Wheeler j...@inconcepts.biz wrote: Junos 11.4R1.6 is currently shipping on new EX-series switches. In this release, the CLI program isn't even stable. I've had it crash on me before I can even get as far as to commit a root password. For the EX PMs who may be reading, please change the version that ships on new-in-box units to one that isn't so buggy that it should never have been released. Is it your express goal to make sure customers buying new units understand than many Junos releases are such garbage as to be unusable? To inform us that your Q/A is non-existent? Is there an 11.4R that basically works? Yes. Is there one that JTAC recommends? Yes. Is the currently-shipping version covered by Juniper security vulnerability notices indicated to be serious? Also, yes. Is that supposedly-serious vulnerability fixed in the JTAC-recommended version, which functions better? Again, yes. Why is that not the version that ships on new kit from the distributors? Bad management. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- Thanks, Morgan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
Why is that not the version that ships on new kit from the distributors? Bad management. We're getting two EX4200's and two MX5's delivered this week. Hope they have the recommend JTAC versions on them! -- Kind Regards, Gavin Henry. Do you know we have our own VoIP provider called SureVoIP? See http://www.surevoip.co.uk Did you see our API? http://www.surevoip.co.uk/api ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
Once upon a time, Gavin Henry ghe...@suretec.co.uk said: We're getting two EX4200's and two MX5's delivered this week. Hope they have the recommend JTAC versions on them! Why do you expect they will? The recommended releases are not very old; it isn't like Juniper (or any other vendor) is going to pull back all the stock in the supply chain and reload the OS every time they change the recommended release. Larger deployments are probably running a specific version that they've tested anyway (so are likely to reload all new gear out of the box). I always needed to load the image with SSH (even if the release was a favorable version). Now, I ran into the same problem as the OP with the EX where cli crashed repeatedly while I was trying to load a new version. That should never have made it through QA to go out the door; the software should have never been released like that, and it certainly shouldn't have been sent to manufacturing to put on shipping hardware. -- Chris Adams c...@cmadams.net ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
On Sun, Jun 23, 2013 at 10:50:37PM +0100, Gavin Henry wrote: Why is that not the version that ships on new kit from the distributors? Bad management. We're getting two EX4200's and two MX5's delivered this week. Hope they have the recommend JTAC versions on them! We recently got in two EX4550's, and the version shipped there sucked badly too. Actually, I only found one of the handful of versions out that seems to work well (period, not only for my feature needs). So I would doubt it. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
On Monday, June 24, 2013 12:02:50 AM Chris Adams wrote: Why do you expect they will? The recommended releases are not very old; it isn't like Juniper (or any other vendor) is going to pull back all the stock in the supply chain and reload the OS every time they change the recommended release. Larger deployments are probably running a specific version that they've tested anyway (so are likely to reload all new gear out of the box). I always needed to load the image with SSH (even if the release was a favorable version). This is typically what happens with us also. We always get the Export version of Junos with our kit and end up having to switch to Domestic anyway, and like you say, we harmonize code across the backbone. So more than likely, we'll be overwriting the existing code with what works for us. Mark. signature.asc Description: This is a digitally signed message part. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems
On Sun, Jun 23, 2013 at 6:02 PM, Chris Adams c...@cmadams.net wrote: Once upon a time, Gavin Henry ghe...@suretec.co.uk said: We're getting two EX4200's and two MX5's delivered this week. Hope they have the recommend JTAC versions on them! Why do you expect they will? The recommended releases are not very old; it isn't like Juniper (or any other vendor) is going to pull back all the stock in the supply chain and reload the OS every time they change the recommended release. I don't expect them to do that. I just expect a Release version that isn't so bad, that the CLI is unusable, to be installed on the switches from the factory. Sure, it may take some weeks to deplete all the remaining inventory that still has 11.4R1 on it, and that's fine. Continuing to ship a version that is so broken is idiotic. Yes, as Mark says, customers who have a clue are going to install a different version anyway. Not every customer has a clue. Some might expect the software that ships on a switch that has been out for 4+ years to basically work right. The reason it doesn't is they seem to change the shipping Junos only when a new extended support release comes out, or when new EX switches come out that they want to be able to stack with older ones out of the box. That would be fine if those releases worked right. Fix it, EX PMs! This is a simple problem with a simple solution. -- Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches,
serious problems MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable I don't think I have once ever run the shipped version of code on a piece of gear in production. Now if the version is not stable enough to load a stable version that is another thing. Heck my car's ECU didn't even come with the latest version with all the fixes. Phil From: Jeff Wheeler Sent: =E2=80=8E6/=E2=80=8E23/=E2=80=8E2013 18:59 To: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Junos 11.4R1.6 shipping on new EX-series switches, serious problems On Sun, Jun 23, 2013 at 6:02 PM, Chris Adams c...@cmadams.net wrote: Once upon a time, Gavin Henry ghe...@suretec.co.uk said: We're getting two EX4200's and two MX5's delivered this week. Hope they have the recommend JTAC versions on them! Why do you expect they will? The recommended releases are not very old; it isn't like Juniper (or any other vendor) is going to pull back all the stock in the supply chain and reload the OS every time they change the recommended release. I don't expect them to do that. I just expect a Release version that isn't so bad, that the CLI is unusable, to be installed on the switches from the factory. Sure, it may take some weeks to deplete all the remaining inventory that still has 11.4R1 on it, and that's fine. Continuing to ship a version that is so broken is idiotic. Yes, as Mark says, customers who have a clue are going to install a different version anyway. Not every customer has a clue. Some might expect the software that ships on a switch that has been out for 4+ years to basically work right. The reason it doesn't is they seem to change the shipping Junos only when a new extended support release comes out, or when new EX switches come out that they want to be able to stack with older ones out of the box. That would be fine if those releases worked right. Fix it, EX PMs! This is a simple problem with a simple solution. --=20 Jeff S Wheeler j...@inconcepts.biz Sr Network Operator / Innovative Network Concepts ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
