Juniper Netscreen SSG5 Outgoing Traffic

I have two Juniper SSG 5 routers connected through a VPN tunnel. About every 6 hours for one and 12 hours for the other, the outgoing traffic will be slowed and then stopped. I can still remote into systems behind them and even connect through a PPTP connection. However, any system on those routers cannot connect to the internet. The only way I have found thus far to get them back up is to reset the routers about every 6 hours. Anyone know why they are doing this?
lostsong222Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lostsong222Author Commented:
Also, I have had both routers reporting to a syslog server, there are no errors or odd events that pop up anywhere at all surrounding the times when they go down.
0
kurtholm2004Commented:
What ScreenOS are you running on these and have you confirmed that you have not power issues? Are they connected to a UPS and if so is it a standby or online system UPS? Have you tried a new power supply on either one?

Also can you post a "get tech-support"? Obviously edit out anything like email addresses, names, IP addresses, descriptions and so on....
0
lostsong222Author Commented:
I am running ScreenOS 5.4.0r6.0. Both of the routers are on online system UPS and neither of the UPS logs show any flux or down time. The draw is minimal and honestly the UPSs are over sized for the pull.
Here is my edited get tech-support file.
-tech.txt
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

kurtholm2004Commented:
Are you currently covered for ScreenOS upgrades? I have seen an issue very similar to what you are seeing with 5.4.0r4.0 and a dramatic improvement when I went to 5.4.0R14. If you do have access to upgrading the ScreenOS I would recommend going to the latest release of 6.2.0.

One thing I noticed that I thought I would mention is currently you are two dns names entered for ntp but no DNS servers listed. I know you have NTP disabled right now but if you want to use it with the current ntp config you will need to enter at least one DNS server.

Also I see there is configuration for websense but it does not appear that their is a policy configured to use it. If you are not acutally using websense I would remove the configuration for it. Older ScreenOSs have many issues with Websense.

Also I see have syslog server configured but you have unset the logging to syslog. I would remove the config of the syslog server if you are not using that (especially the "log traffic" part).

It also appears the Deep Packet Inspection is enabled according to the tech support dump but I do not see it in use in the config (unless I missed something). If it is being used on the SSG5 I would recommend disabling that since it can severely impact those units.

Also just to confirm is it all outgoing traffic or just traffic going over the tunnel?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
lostsong222Author Commented:
Hi Kurtholm2004!

I am fixing/changing and updating my little heart out. I will let it sit tonight and see if there is still outgoing internet in the morning.

Thank you for your reply!
0
kurtholm2004Commented:
How did the updates/updating go? Are the symptoms still there?
0
lostsong222Author Commented:
I removed all the configs that we weren't utilizing and updated the screenOS. The outgoing Internet did not shut off but did slow to an almost crawl about midday and stayed that way. I am going to give it another hou or so an see if it's just traffic.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.