Junos
Reply
Contributor
Iglu
Posts: 69
Registered: ‎11-12-2008
0

Logging for blocked traffic

Hi

I know how to use the monitor traffic command to see which traffic is in for the router J6350.

But if I want to see the traffic passing the firewall do I have to use the tcpdump on the Solaris level?

And how can I see traffing permitted or blocked by the firewall policy?

 

Any idea

 

best regards

IGLU

Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: Logging for blocked traffic

Based on your last post, I am assuming that you have JUNOS with enhanced services. Monitor traffic will only see traffic to and from the RE side of the J-series. That basically means traffic destined to the router itself. You would not see transit traffic even if you were to drop to shell and use tcpdump. 

 

You can configure packet-capture, though. This is a feature specifically for J-Series which can let you capture transit traffic in PCAP format. Refer to J-Series Administration Guide for details.

 

To view policy lookups, etc. you can enable flow traceoptions. You can also enable policy logging as well. Refer to JUNOS with enhanced services application notes for details on flow traceoptions. Also refer to KB10112 for details on enabling logging on policies.

 

-Richard

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.