Shared Services- Juniper Firewall health check

  1. Log into the Juniper firewall using Putty or another SSH client ( and your S2 account
  2. Run the following two commands.  The output from each is the health check.

              show system processes summary (If you do NOT see an idle %, there is an issue.  Let Dewey know)

              show chassis routing-engine

The number you are most interested in is the idle time on the active node (Node 0).   Subtract the idle time from 100 to get the active time. If the active time is above 90%, we may have an issue and need to monitor more closely/look at what is using the CPU.  If the Active time is below 70% this may also be an issue, check the active time on Node 1 and use the command below to determine if the firewall has failed over.

                show chassis cluster status (node0 is the primary for Redundancy group 0 & 1.  node 1 is the primary for Redundancy group 2).  If this is not the case, then it has failed over.

Performing a health check on the Juniper Firewall.


Article ID: 2337
Mon 5/10/21 2:36 PM
Mon 11/7/22 10:59 AM