Hey guys, over the past few months I have created some SRX templates we use at work that have been helpful in tracking issues. Thought I would share them with the community, they have been tested on the SRX 3000 and SRX 200 series, they should work on any SRX Firewall however.
SNMP for SRX Central Point
------------------------------
This template goal is to gather interesting information about Juniper SRX Central Point.
This monitors all incoming sessions (also known as flows) before handing them off to an SPC card. For more information on this process please see http://www.juniper.net/techpubs/en_US/junos10.4/topics/concept/session-flow-central-point-for-srx-series-understanding.html.
Installing
----------
1) Please copy the file juniper_srx_central_point.xml to <cacti directory>/resources/snmp_queries
2) Import provided template(s) into cacti http://www.cacti.net/downloads/docs/html/template_import.html
Graphs
------
CP Sessions
Displays the total amount of active sessions on an SRX unit, please not "max sessions" will generally be 0 on branch devices as this value means no-limit. Datacenter SRX units have this capped unless a license is purchased.
CP Sessions Per Second
Shows the rate of sessions being created in an SRX device.
SNMP for SRX Services Processing Unit
-----------------------------------------
This template goal is to gather interesting information about Juniper SRX Services Processing Units.
This monitors all active sessions (also known as flows) on each SPC and the CPU/Memory statistics of each card. This template should work for all models of Juniper SRX devices, even though branch models don't have a physical card they have built-in SPC processes and will show the same information.
Installing
----------
1) Please copy the file juniper_srx_services_processing_unit.xml to <cacti directory>/resources/snmp_queries
2) Import provided template(s) into cacti http://www.cacti.net/downloads/docs/html/template_import.html
Graphs
------
SPU Flow Sessions
Displays the total amount of active sessions on an SPU unit and its maximum capacity. On branch devices there will only be 1 while datacenter models can have multiple cards installed.
SPU CPU
Shows CPU utilization percentage of each SPU card.
SPU Memory
Shows Memory utilization percentage of each SPU card.
SNMP for SRX Security Policies
------------------------------
This template goal is to gather interesting information about Juniper SRX security policies. In order for this data to populate each policy monitored must have counters enabled. This is accomplished by enabling "then count".
http://jsrx.juniperwiki.com/index.php?title=Policies#Then_Action
You can validate this from cacti by looking at the "Stats Availability" before making the graph. This should equal 1 for data to populate. If your device is not set to count this value will equal 2.
SNMP MIB Reference
http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-collections/config-guide-network-mgm/mib-jnx-js-policy.txt
Installing
----------
1) Please copy the file juniper_srx_security_policy.xml to <cacti directory>/resources/snmp_queries
2) Import provided template(s) into cacti http://www.cacti.net/downloads/docs/html/template_import.html
Graphs
------
Security Policy Lookups
Shows the amount of policy lookups that occurred on the security policy.
http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/security-user-role-policy-lookup-understanding.html
Security Policy Sessions
Shows the number of current active sessions (also known as flows) that a Security Policy is currently using.
Security Policy Traffic
Displays the amount of traffic currently being processed by a Security Policy. Please note if the policy is set to drop traffic you will only get Inbound data since the policy drops the outbound traffic (like it should :])
Security Policy Packets
Same as Traffic graph but instead of Bits per Second this is showing Packet per Second on a Security Policy.
Attached are each template, also threw it up on GitHub https://github.com/scline/CactiTemplate_JuniperNetworks
Enjoy! :]