Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Troubleshoot the SRX4700

Troubleshooting SRX4700 Firewalls includes recognizing alarm types and alarm severity classes and resolving the error conditions that trigger alarms.

SRX4700 Firewall Troubleshooting Resources

To troubleshoot a firewall, use the Junos OS CLI and LEDs on the chassis:

  • LEDs—When the firewall detects an alarm condition, the status LED on the front panel glows red.

  • CLI—The CLI is the primary tool for controlling and troubleshooting hardware, Junos OS, and network connectivity. Use the CLI to display more information about alarms. CLI commands display information about network connectivity derived from the ping and traceroute utilities. For information about using the CLI to troubleshoot Junos OS, see the appropriate Junos OS configuration guide.

  • JTAC—If you need assistance during troubleshooting, you can contact the Juniper Networks Technical Assistance Center (JTAC) by using the Web or by telephone. If you encounter software problems, or problems with hardware components not discussed here, contact JTAC.

Chassis Component Alarm Conditions on an SRX4700 Firewall

You can monitor chassis alarms through the ALM LED. When the firewall detects an alarm condition, the ALM LED on the front panel glows and the level of severity can be either major (steady red), minor (yellow), or both major and minor (blinking red). To view a more detailed description of the alarm cause, issue the show chassis alarms and show system alarm commands.

Table 1: Alarms for Firewall Chassis Components

Component

Alarm Conditions

Action

Alarm Severity

Fan

At least one of the fans has failed.

  • Check and adjust the room temperature, if possible.

  • Check the airflow and ensure that the airflow through the firewall is unobstructed.

  • Replace the failed fan module to avoid failure of the other fan modules.

  • Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Steady red (major)

The firewall chassis temperature is too warm.

  • Check the room temperature.

  • Check the airflow.

  • Run all fans at full speed.

  • Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Yellow (minor)/Red (major)

Missing fan module

Install the missing fan module.

Red (major)

Fan overspeeding

  • Check whether the fan is spinning at a speed higher than the configured speed.

  • Replace the fan module as it is likely to fail.

Yellow (minor)

Fan spinning below its speed

  • Check whether the fan is spinning at a speed lower than the configured speed.

  • Replace the fan module as it is likely to fail.

Yellow (minor)

Impeding fan failure

Replace the fan module.

Yellow (minor)

Power supply unit (PSU)

A PSU has failed.

Replace the PSU.

Steady red (major)

A PSU is not present.

Install a PSU in the empty slot. The firewall requires two PSUs to be installed.

Power cord is not connected.

Verify and ensure that the power cord is connected properly.

PSU fan failure.

As this is a non-recoverable fault, replace the PSU.

Yellow (minor)

Input voltage failure on the PSU

  • Check whether the voltage of the power source is in the operating range.

  • Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Red (major)

PSU drawing more current than it should

Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Yellow (minor)

Unrecognized PSU

Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Red (major)

PSU not powered on.

Connect the PSU to the power source.

Red (major)

PSU internal devices failure.

  • Replace the PSU.

  • Open a support case using the Case Manager link at https://www.juniper.net/support/ or call 1-888-314-5822 (toll-free within the United States and Canada) or 1-408-745-9500 (from outside the United States).

Red (major)

Mix of AC and DC PSUs installed.

Check whether all the PSUs installed are of the same type.

Yellow (minor)

SSD

SSD detection failure

  • Check whether the SSD slot is receiving power.

  • Check whether the SSD initialization in BIOS is failing.

  • Replace the faulty SSD.

Yellow (minor)

SSD runtime read/write fault

  • Check whether there is any issue with the PCIe.

  • Check whether the SSD initialization is failing.

  • Faulty SSD.

  • Replace the faulty SSD.

Yellow (minor)

SSD file system corrupted

  • Check whether there is any issue with the SSD subsystem.

  • Check whether power to the firewall was abruptly removed.

  • Check whether the firewall experienced non-graceful shutdown or reset..

  • Recover or reimage the SSD.

Yellow (minor)

USB

USB device not detected

  • Check whether the USB slot is receiving power.

  • Check for the port-level failures.

  • Check whether the USB is faulty, and replace it if it is faulty.

Yellow (minor)

Troubleshoot the SRX4700 Firewall Cooling System

Problem

Description

A single fan module or fan modules are not functioning normally.

Solution

Follow these guidelines to troubleshoot the fan modules:

  • Check the LEDs on the fan module and alarm LEDs on the front panel of the firewall.

  • If the alarm LED on the front panel of the firewall is lit, use the following CLI command to get information about the source of an alarm condition: user@host> show chassis alarms.

    If the CLI output lists only one fan failure, and the other fans are functioning normally, the fan is most likely faulty and you must replace the fan tray.

    If the fan tray is removed, a minor alarm or a major alarm is raised.

  • Place your hand near the near the fan modules to determine whether the fans are pushing air out of the chassis.

  • The following conditions automatically cause the fans to run at full speed and also trigger the indicated alarm:

    • A fan fails (major alarm).

    • The firewall temperature exceeds the “temperature warm” threshold (minor alarm).

    • The temperature of the firewall exceeds the maximum (“temperature hot”) threshold (major alarm and automatic shutdown of the power supplies).

Troubleshoot the SRX4700 Firewall Power System

Problem

Description

The power system is not functioning normally.

Solution

  • Check the LEDs on each power supply unit (PSU) faceplate. If an AC PSU or a DC PSU is correctly installed and functioning normally, then the LEDs glow steadily.

    For more information about PSU LEDs, see SRX4700 Power System.

  • Use the CLI show chassis environment pem command to check the status of the installed PSUs.

If a PSU is not functioning normally, perform the following tasks to diagnose and correct the problem:

  • If a red-alarm condition occurs, use the show chassis alarms command to determine the source of the problem.

    Note:

    If the system temperature exceeds the red-alarm threshold, Junos OS shuts down all the PSUs so that no status is displayed.

    Junos OS also can shut down one of the PSUs for other reasons. In this case, the remaining PSUs provide power to the firewall, and you can still view the system status through the CLI or J-Web interface.
    Note:

    The firewall shuts down automatically if the device temperature exceeds the red-alarm threshold.

  • Check that the AC input switch () or DC circuit breaker (|) is in the on position and that the PSU is receiving power.

  • Verify that the source circuit breaker has the proper current rating. Each PSU must be connected to a separate source circuit breaker.

  • Verify that the AC power cord or DC power cables from the power source to the firewall are not damaged. If the insulation is cracked or broken, immediately replace the cord or cable.

  • Connect the PSU to a different power source with a new power cord or power cables. If the PSU status LEDs indicate that the PSU is not functioning normally, then the PSU is the source of the problem. Replace the PSU with a spare, as described in SRX4700 Power Supply Maintenance.

  • Verify that the PSU is functioning properly by checking the status of PSU LED. For more information, see SRX4700 Power System.

  • If you cannot determine the cause of the problem or need additional assistance while troubleshooting a firewall, open a support case using the Case Manager link at: https://www.juniper.net/support/ , or call 1-888-314-JTAC (within the United States) or 1-408-745-9500.

Reboot the Firewall Using the RESET Button

To troubleshoot the firewall, you might need to reboot it. To reboot the SRX4700 Firewall, press and hold the RESET button for less than 5 seconds.

CAUTION:

Do not press and hold the RESET button for more than 5 seconds.