Junos SRX web filtering and Websense

26 04 2010

Ah – another bug-ette, unfortunately. It seems that if you are using a Websense server for your URL filtering, and the websense server goes away for a while (e.g. while it reboots), the SRX doesn’t bother re-connecting.

There’s a timeout you can set, and I’ve not tried that yet, but it has been verified by JTAC as happening within a few minutes.

What’s disappointing about this is that there’s no way in Junos that you can specify a secondary server – you can’t do that in the feature-profile or with a second policy. So in a way, the timeout doesn’t make any sense: there’s no second option to fall back onto.

The disconnect is going to be fixed in 10.1R2, and might be available via a special engineering build if you press hard enough. I plan to log the ‘backup server’ idea as a feature request.

Advertisements

Actions

Information

5 responses

15 07 2010
Portcullischain

I had the same problem and I don’t have my case notes on what I had to do to restart the webfiltering service. It’s happened again on my box. Ahhhh!!!! I beginning to lose all my good feelings for Juniper that I acquired from the Netscreen line after dealing with the SRX line. You don’t happen to have the command so I don’t have to reboot the entire service do you?

20 07 2010
DataPlumber

Yeah – I know what you mean… Are you using the latest 10.1 code?
If I remember correctly, the command to restart web filtering was simply “restart utmd” but it is a hidden command – i.e. you can’t see it if you do a “restart ?”.
When that didn’t work once, we did a “restart forwarding” which restarts the whole forwarding daemon, and I think that restarts UTM as well. You’ll see all ports go offline briefly when you do that, so don’t be surprised if you get cut off temporarily.
Hope that helps!

20 07 2010
Portcullischain

You are correct. The command is restart utmd. Why they ever made it hidden is beyond me. After upgrading to 10.1R3.7 the issue seems to have gone away. I was reluctant to do the upgrade no knowing what else might break but so far everything seems good. Frustration doesn’t begin to describe my feelings toward Juniper

25 03 2013
sneak a peek at these guys

I every time used to read piece of writing in news papers but now as I am
a user of internet thus from now I am using net for content, thanks to
web.

12 08 2014
flood damage

Hi excellent website! Does running a blog similar to this take a great
deal of work? I’ve very little expertise in computer
programming however I had been hoping to start my
own blog in the near future. Anyways, should you have any suggestions or techniques for new blog owners please share.
I know this is off topic however I just had to ask. Appreciate it!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: