Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How to save the full memory dump to a USB drive for SSG platform



Article ID: KB12496 KB Last Updated: 18 Apr 2017Version: 11.0

This article provides information on how to save a core file to a USB drive.  This only applies to SSG devices, and does not apply to ISG or NS5000 platform.  Please see KB7405 for procedure on ISG and NS5000 platform.

This article applies to ScreenOS 6.0 and later.


By default, a core file is displayed on the firewall console. Sometimes, the core file does not include enough information to allow Engineering to identify the root cause of a crash. When that happens, Engineering may ask you to generate/collect a full core file for analysis. If the firewall crashes, the trace dump file can be automatically written to a USB memory drive, instead of the console display.


To generate a full core file, perform the procedure below:

  1. View the USB properties and confirm that the format of the flash drive is FAT (FAT16). If it is not, format the USB flash drive to FAT (FAT16).

    Using any other file partition on USB returns the following error:

           SSG-> set core-dump usb full coredump.bin 500
           Wrong FAT format, please make sure use FAT16.

  2. Plug the USB flash drive into the USB slot on the SSG and then verify that ScreenOS recognizes and mounts it, as in the example below:

    LEXAR MEDIA JUMPDRIVE, rev 1.10/0.01, addr 2, SCSI over Bulk-Only

    Mount usb device. Please wait...
    usb device (usb) ready.
  3. On the Juniper firewall, from the CLI, run the following commands:

    set core-dump usb full coredump.bin 500

    In response, you should see the following message:

    Begin creating file in usb, may take few minutes...

    Note: Step 3 is just for creating a file where core dump will be written when generated on firewall.

    In an example described above, a file, namely coredump.bin with size 500 MB, is created. This 500 MB described in the example should cover most case. However, if preferred, it is good to create a file with half size of memory usage; (look for allocated memory by issuing the command get memory). Creating a file with smaller size is faster, but it could be insufficient to record needed data when a crash recurs.  

    File creation can take a long time to complete, and can cause the firewall to become unresponsive during the task. For example, on an SSG140 running 6.3r12 in a lab test, it once took 15-20 minutes to create a file size set to 240 MB. During this time, a telnet connection attempt to the firewall failed to log in because the response was too slow. Thus, it is recommended that you perform a failover first and install the USB on the backup firewall. After the file is created, you can failback and pass traffic through the device on which the USB stick is installed.

    Similarly, the generation of the core file when a crash occurs will also take some time to complete, and will in turn cause the firewall to reboot later than expected. For a cluster environment, this should not be a problem. In the same SSG140 lab test described just described, a core file generated approximately 105 MB of data before completion, which took 8-10 minutes.

    It is possible to work around the impact of file creation by running this step from another, non-critical firewall. However, because the hostname is recorded as part of the filename, the other firewall must have the same hostname when the step is run (you can verify the result with the command get file). After the hostname is changed, swap the USB stick to the desired firewall (remember to run exec usb stop before removing the stick), and run set core-dump usb... with the same credentials. The existing file will be accepted. The file will not need to be recreated.

  4. Issue the command get file to verify that the file has been created:

    USB flash device :
        usb:/SSG550_coredump.bin 104857600
  5. If the firewall crashes again, it should write the file to the USB flash drive.

    Note: Do not interrupt this write process with any keystroke. The firewall will display the message Core dump done! after it has finished recording core dump data to the USB stick, and will reboot on its own.
  6. After the core file is generated, remove the USB stick from the firewall. To safely remove the USB, run the following command:

    exec usb-device stop
Modification History:

2017-04-09: Added example error in step 1 of the solution.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search