Troubleshooting the SRX320

Troubleshooting Resources for the SRX320 Firewall Overview

To troubleshoot a services gateway, you use the Junos OS command-line interface (CLI) and LEDs on the components:

LEDs—When the services gateway detects an alarm condition, the alarm LED on the interfaces glows red or yellow.
CLI—The CLI is the primary tool for controlling and troubleshooting hardware, Junos OS, and network connectivity. Use the CLI to display more information about alarms. CLI commands display information about network connectivity derived from the ping and traceroute utilities. For information about using the CLI to troubleshoot Junos OS, see the appropriate Junos OS configuration guide.
JTAC—If you need assistance during troubleshooting, you can contact the Juniper Networks Technical Assistance Center (JTAC) by using the Web or by telephone. If you encounter software problems, or problems with hardware components not discussed here, contact JTAC.

Troubleshooting Chassis and Interface Alarm Messages on the SRX320 Firewall

When the services gateway detects an alarm condition, the alarm LED on the front panel turns red or amber as appropriate. To view a more detailed description of the alarm cause, issue the show chassis alarms CLI command.

Table 1 describes alarms that can occur for an SRX320 Firewall chassis component.

Table 1: SRX320 Firewall Chassis Alarm Conditions and Corrective Actions
Component	Alarm Conditions	Action	Alarm Severity
Boot media	The services gateway boots from an alternate boot device.	If the internal flash memory fails at startup, the services gateway automatically boots itself from the alternative boot device (USB storage device). Note: If you configured your services gateway to boot from an alternative boot device, ignore this alarm condition. Reformat the internal flash memory and install a bootable image. (See the Installation and Upgrade Guide for Security Devices and Network Monitoring and Troubleshooting Guide for Security Devices) If you did not configure the services gateway to boot from an alternative boot device, contact JTAC.	Amber (minor)
Hardware components on the services gateway	The services gateway chassis temperature or chassis is too warm	Check the room temperature. See SRX320 Services Gateway Environmental Specifications.	Amber (minor)
Hardware components on the services gateway	The services gateway temperature is too high, either because of an internal overheating condition or because the maximum recommended room temperature has been exceeded.	The services gateway shuts down automatically in 4 minutes.	Red (major)
Mini-PIM	A Mini-PIM has failed.	Contact the Juniper Networks Technical Assistance Center (JTAC). If you must replace the failed Mini-PIM, see SRX300 Series and SRX550 High Memory Services Gateway Interface Modules Reference for information about replacing the Mini-PIMs.	Red (major)

Troubleshooting the Power System on the SRX320 Firewall

The LEDs on the services gateway enable you to determine the performance and operation. The PWR LED, located on the front panel of the services gateway, indicates the different settings with respect to the power system.

Table 2 describes different PWR LED status settings and their corrective actions.

Table 2: SRX320 Firewall Power LED Status
LED Status	Meaning	Possible Cause and Corrective Action
Green	Device is receiving power.	Normal indication. No action is required.
Amber	Indicates that the power button has been pressed and quickly released.	Normal indication. No action is required.
Off	Indicates that the device is not receiving power.	Verify that the AC power cord from the power source to the device is not damaged. If the insulation is cracked or broken, immediately replace the cord or cable. Ensure that the socket you plug in is in working condition. Ensure the device has an AC input voltage between 100 and 240 VAC. If you cannot determine the cause of the problem or need additional assistance, contact JTAC.

Using the RESET CONFIG Button

If a configuration fails or denies management access to the services gateway, you can use the RESET CONFIG button to restore the device to the factory-default configuration or a rescue configuration. For example, if someone inadvertently commits a configuration that denies management access to a services gateway, you can delete the invalid configuration and replace it with a rescue configuration by pressing the RESET CONFIG button.

Note:

The RESET CONFIG button is recessed to prevent it from being pressed accidentally.

The rescue configuration is a previously committed, valid configuration. You must have previously set the rescue configuration through the J-Web interface or the CLI. To press the RESET CONFIG button, insert a small probe (such as a straightened paper clip) into the pinhole on the front panel.

By default, pressing and quickly releasing the RESET CONFIG button loads and commits the rescue configuration through the J-Web interface or the CLI. The Status LED is solid amber during this time.
By default, pressing and holding the RESET CONFIG button for 15 seconds or more—until the Status LED is solid amber — deletes all configurations on the device, including the backup configurations and rescue configuration, and loads and commits the factory configuration.

Note:

Resetting the configuration does not trigger a reboot automatically. Thus, configuration changes that require a reboot, such as Ethernet switching configurations, do not take effect after you reset the configuration. As a result, connectivity to the device might be lost. For the configuration to take effect, power off and power on the device after resetting the configuration.

Changing the RESET CONFIG Button Behavior

You can change the default operation of the RESET CONFIG button by limiting how the button resets the services gateway:

To prevent the RESET CONFIG button from setting the device to the factory-default configuration and deleting all other configurations:

admin@host# set chassis config-button no-clear

You can still press and quickly release the button to reset it to the rescue configuration.
To prevent the RESET CONFIG button from setting the device to the rescue configuration:

admin@host# set chassis config-button no-rescue

You can still press and hold the button for 15 seconds or more to reset the gateway to the factory-default configuration.
To disable the button and prevent the device from resetting to either the factory-default or rescue configuration:

admin@host# set chassis config-button no-clear no-rescue

The no-clear option prevents the RESET CONFIG button from deleting all configurations on the services gateway. The no-rescue option prevents the RESET CONFIG button from loading the rescue configuration.

To return the function of the RESET CONFIG button to its default behavior, remove the config-button statement from the device configuration.

ON THIS PAGE