FTP on Juniper MX Series – Configuration and Setup

juniperjuniper-junostftp

Has anyone successfully used FTP on a Juniper Device. reading their documentation, the method of using it is:

file copy <source> <destination>

in my case:

file copy /var/tmp/testdoc ftp://user:pass@hostname/user/home/

But I keep getting the following error:

fetch: ftp://user:*@hostname/user/home/: File unavailable (e.g., file not found, no access)
error: put-file failed
error: could not send local copy of file

I know the file is available, and it can see it because when i change the file name in the command (put in a non-existent file), it says no such file or directory exists.

I have tried it the other way around as well (from the server to the rotuer) but I get error: file-fetch failed instead.

This is extremely frustrating as there is no documentation on this error.

EDIT: The FTP is between the Juniper router and a Linux server.
I also tried going down to the file name itself:
file copy /var/tmp/testdoc.txt ftp://user:pass@hostname/user/home/testdoc.txt

Best Answer

Before attempting to copy your file, you should first create the file on the server where it is being copied, set permissions so that it can be overwritten, and specify it in the copy path. Please also check that you have that directory accessible via ftp.

touch testdoc.txt
chmod 777 testdoc.txt

(Example permission You may want to be more restrictive)

file copy /var/tmp/testdoc.txt ftp://user:pass@hostname/user/home/testdoc.txt

Alternatively you can also use ftp in the following way (again following creation and permissions set):

From Server:

ftp juniperdevice.mynetwork.net
get /var/tmp/testdoc.txt testdoc.txt
quit ftp

Additional items to check:

That your MX device is properly configured for name lookups.
That your MX device is configured for FTP http://www.juniper.net/documentation/en_US/junos15.1/topics/task/configuration/ftp-remote-access-configuring.html
That your server is configured for FTP.

Official Documentation: http://www.juniper.net/documentation/en_US/junos15.1/topics/reference/command-summary/file-copy.html

Related Solutions

What are some workarounds / fixes for UTM/IDP on Junos 12.1X44-D10.4 for SRX Series branch devices

It appeared this was an easy fix (I also tried 12.1R6.5 and 12.1X44-D11.5, to no avail).

First, I looked at the version of the signature DB that it's trying to download (2263):

 netops> request security idp security-package download check-server    
 Successfully retrieved from(https://services.netscreen.com/cgi-bin/index.cgi).
 Version info:2263(Detector=12.6.160130325, Templates=2263)

Then, I decided that this is possibly an actual bad md5 checksum (per what Junos expects), and I downloaded the previous version, 2262:

 netops> request security idp security-package download version full-update 2262    
 Will be processed in async mode. Check the status using the status checking CLI

It worked! I've had to do something similar on Netscreen, but it's been a while. I turned off automated updates, and I can get back to studying.

 netops> request security idp security-package download status    
 Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi).
 Version info:2262(Tue May 14 16:27:00 2013 UTC, Detector=12.6.160130325)

Now that the download is finished, everything is installing properly:

 netops> request security idp security-package install          
 Will be processed in async mode. Check the status using the status checking CLI

 netops> request security idp security-package install status 
 In progress:performing DB update...

 netops> request security idp security-package install status    
 In progress:performing DB update for an xml (groups.xml)

 netops> request security idp security-package install status
 In progress:performing DB update for an xml (applications.xml)

 etc.

 netops> request security idp security-package install status    
 Done;Attack DB update : successful - [UpdateNumber=2262,ExportDate=Tue May 14 16:27:00   2013 UTC,Detector=12.6.160130325]
 Updating control-plane with new detector : successful
 Updating data-plane with new attack or detector : not performed
  due to no active policy configured.

I'm thinking that this is either a bug in SRX110H-VA, a combination of hardware/software release, or bad signature updates on services.netscreen.com. I'm pretty sure that I could just look through the XML, and figure out where the bad md5sum is (and fix it by hand), but I'll follow up once I hear back from Juniper.

Newest edit: I also had to manually download the policy template from Juniper, extract it with gzip -d templates.xml.gz, and place it in /var/db/idpd/sec-download/sub-download/. Once that was done, I was able to install it. The issue here is that the request security idp security-package install policy-templates command does not take a 'version', like the other idp commands. This will always be an issue when the head IDP policy has md5 errors, although I would hope that this isn't a frequent occurrence at Juniper.

 netops> request security idp security-package install policy-templates 
 Will be processed in async mode. Check the status using the status checking CLI

 netops> request security idp security-package install status              
 Done;policy-templates has been successfully updated into internal repository
 (=>/var/db/scripts/commit/templates.xsl)!

Blocking IPv6 RA advertisements on Juniper EX series switch

The support for this feature looks a bit spotty depending on which version of Junos you're running. You could try this:

term block-ra {
    from {
        icmp-type router-advertisement;
    }
    then {
        discard;
    }
}

Best Answer

Related Solutions

What are some workarounds / fixes for UTM/IDP on Junos 12.1X44-D10.4 for SRX Series branch devices

Blocking IPv6 RA advertisements on Juniper EX series switch

Related Topic