JohnArmstrong

asked on

Juniper Firewalls - Dying or getting Bricked?

Anyone experience issues with Juniper Firewalls being particularly sensitive hardware to power variations?  (brownouts, blackouts, spikes)  Presumably we have lost a couple of Juniper firewalls due to power surges, EVEN THOUGH the devices are on enterprise grade UPS. When power resumed, our firewalls did not, everything else was just peachy.

We've had several power outages and have lost multiple Juniper Firewalls even though they were on high-grade UPS backup battery and high-end power backup generation equipment. No other hardware, out of thousands of PCs, 60+ switches, wifi access points or other hardware, was affected by the power outages\surges.

I'm interested in hearing your experiences with Juniper hardware and its sensitivity to power variations. Thanks
John

I have Juniper Netscreen firewalls at clients and I have only had one failure. It was on a UPS. It was also five or six years old. I have had the others in place from 3 to 10 years and generally I find them to be reliable devices.

Separately, I have had other brands of routers fail as a result of power outages or variations.

... Thinkpads_User
giltjr
It would be nice to have a little clarification.

You state that you have "high-grade UPS backup battery and high-end power backup generation equipment"

Yet you also stated:

"When power resumed, our firewalls did not, everything else was just peachy."

That implies that they lost power when you lost building power and so they went down and when building power was restored they would not power up.

So, did they lose power and go down when you lost building power?  If so, why?  If they did not, then what do you mean by that statement?
btan

Actually it can be due to many factors; I doubt it is specifically the FW itself, since it is supposed to be EMC Emissions, EMC Immunity, ETSI tested and certified. They also have a fuse as per the normal standard. In almost every guide, they all recommend using a surge protector for the power connection. Not specific to Juniper only.

Indeed, for running a datacenter, you cannot rely on the device's native protection but also need to ensure the correct DC or AC loading, that all sockets are grounded, and that you have surge protector switches... I do see the other external factors being the culprit, and even the FW is of such military robust grade but more of standard security certified and safety certified as in all security appliances... they have a fuse.
JohnArmstrong

ASKER

giltjr, thanks for your post. Yea I misspoke, when the power outage occurs, the UPS is there to cover the hardware during the couple of seconds before the generator kicks in and fires up. The hardware was dead when the power outage occurred, so I don't know if it was due to a spike at the time of the outage (which the grounded outlet and UPS should have trapped anyway) or the switchover to battery or the switchover to generator or the switchover back to the grid when power was restored to the buildings.  I know that as a rule of thumb, generators can create spikes, which is why you want your hardware on a UPS because they provide additional power filtering in addition to keeping the hardware alive until the diesel generator kicks in.

Power spikes can kill router equipment. I have had that happen, albeit not with Juniper. Perhaps get a small true UPS supply for your network gear so there is no outage at all during a switchover.

... Thinkpads_User
How old is the UPS?  How often do you think you get power spikes?

What type of PDUs do you have?

Devices that are designed to absorb power spikes can actually "wear" out and allow spikes through.

The UPS is new, 3 months?  In all environments where I've encountered this the UPS have been newer than 12 months.  I wonder if it's occurring when the device is trying to boot up and there's another blip in the power during the boot-up cycle. Maybe Juniper doesn't like having its boot cycle interrupted?

If your UPS was protecting the gear, then it may just be a failure of the device. That happens.

I assume when you say UPS, you mean Uninterruptible Power Supply (you said enterprise grade UPS). These are devices that feed the gear from filtered battery supply and use AC to charge the batteries. Such devices are immune to ordinary power surges and blips.

So given the above, it does not appear to be a power issue and probably just failures of the gear. As I noted above, I had one such failure; otherwise Juniper gear is very robust.

ASKER CERTIFIED SOLUTION
btan

This solution is only available to members.

Breadtran, a wealth of info, thank you.  I like the idea of monitoring the firewall's power supply with SNMP, but we get dinged for SNMP when we have it running because there are many potential vulnerabilities and now there are amplification attacks that can be utilized with SNMP.  John Hurst, thanks for feedback but you're a bit off course when you say UPS are immune from ordinary power surges and blips. OMG! I can tell you how many UPS I have seen misbehave and\or die from ordinary brownouts, surges or spikes.  This is simply not the case and anyone that's had a few years exposure to working with UPS will tell you so, they do not behave predictably under any circumstances.

Thanks for sharing.

"John Hurst, thanks for feedback but you're a bit off course when you say UPS are immune from ordinary power surges and blips."

I am pleased your problem is solved. However I have never in my life seen a commercial UPS pass spikes through the isolated battery supply that powers gear. So that is why I answered the way I did.