NS5200 problems



  • We are using a pair of NS5200-II for our primary production firewalls. We used to have NS500. They were reliable, easy to maintain, and we loved it. Due to new requirement for more powerful firewall to handle our business grow, we decided to purchase NS5200. This is a mistake. Ever since we installed them in our production system. We had encountered several major production system downtime. The firewalls had rebooted unexpectedly, running with high CPU, and recently, it just stop passing traffic in the middle of peak hours. All these issues were caused by the flaw of either hardware or software. We have open numerous cases with Juniper support, but each time they suggest we upgrading our firmware, we encountered new bug which cause our production downtime. I wonder anyone is having the same bad experience as us. We also use NS2000 and NS500 in our networks. So far, the most reliable pair are the NS500, which is designed by original Netscreen company.


  • administrators

    I can’t think of anything that would cause problems with that. Are both firewalls crashing, or just one? Do you think it could be bad hardware? Bad batch of hardware if both are crashing?

    Like I said, I have several clients running these thing with zero problems.



  • We are NOT running multiple vsys, or just the default one. We use static routing. The setup is pretty straight forward. We deploy three interfaces: Trust, untrust, and Dmz. We enable NSRP, and only enable screen feature on Untrust interface. The same setup was running with NS500 without any problem. We ported the same configuration from NS500 to NS5200. The multiple Juniper Engineers have looked the configuration but found nothing wrong. If the problem is due to type of traffic, or attacks, we even deployed a Radware DefensePRO in front of the firewalls.


  • administrators

    I have several clients running 5200 and 5400’s with no issues. Can you provide more information?

    Are you using VSYS’s? Dynamic routing? How many instances? Is there any indication anywhere as to what is making it crash?


 

26
Online

38.4k
Users

12.7k
Topics

44.5k
Posts