SRX

  • 1.  Traffic Hitting to which Security policies?

    Posted 07-12-2011 14:28

    Hi Experts

     

    I want to know, like in Cisco, is there any command or way in JUNOS to know which policy specific traffic is hitting, for troubleshooting purposes?

     

    Thanks


    #troubleshooting


  • 2.  RE: Traffic Hitting to which Security policies?

     
    Posted 07-12-2011 14:49
    Hi, the "show security flow session" will show you which policy is being hit by traffic coming to/from a specific address/port.


  • 3.  RE: Traffic Hitting to which Security policies?

     
    Posted 07-12-2011 23:29
    And if you want to see the same information but not real time, you can add logging on your policies. (then log session-init/session-close)
    The most granular information you'll get by configuring traceoptions under [security flow].
    See this kb:
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB15779


  • 4.  RE: Traffic Hitting to which Security policies?

    Posted 07-13-2011 01:30

    Thanks for the input. Can we also know due to which security policy traffic is denied?

     

    Thanks



  • 5.  RE: Traffic Hitting to which Security policies?
    Best Answer

     
    Posted 07-13-2011 01:38

    Yes, both in flow traceoptions and policy logs.
    Allowed traffic will have the prefix RT_FLOW_SESSION_CREATE, and denied traffic RT_FLOW_SESSION_DENY.
    You can redirect these lines to a specific file or host by configuring syslog matching on those patterns.

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16261



  • 6.  RE: Traffic Hitting to which Security policies?

    Posted 07-13-2011 15:36

    @aeroplane wrote:

    I want to know, like in Cisco, is there any command or way in JUNOS to know which policy specific traffic is hitting, for troubleshooting purposes?


    Which Cisco function are you referring to?

     

    As has been mentioned, you can turn on policy logging and/or use traceoptions as well as "show security flow session" commands for current traffic.

     

    You can also use "show security match-policies ... " if you have a new enough version of Junos (10.3 or newer, I believe?) which is similar to a Cisco ASA style packet tracer.



  • 7.  RE: Traffic Hitting to which Security policies?

    Posted 07-18-2011 12:26

    Thanks for all. Could you please explain a little bit:

     

    1- If I want to see the logs for a specific policy, how can I do this because "show log <log-file-name>" which is capturing the RT_FLOW_SESSION is showing logs for all policies.

     

    2- Could you please explain a little bit about "show security match-policies"

     

    Looking forward to the response

     

    Thanks



  • 8.  RE: Traffic Hitting to which Security policies?

    Posted 07-18-2011 12:57

    @aeroplane wrote:

     

    1- If I want to see the logs for a specific policy, how can I do this because "show log <log-file-name>" which is capturing the RT_FLOW_SESSION is showing logs for all policies.


    You can use the "match" filtering function of Junos to look for the specific policy name:

     

    show log traffic-log | match "Permit-Web-Traffic"

     ... for example.


    @aeroplane wrote:

     

    2- Could you please explain a little bit about "show security match-policies"


    It's fairly self-explanatory, but you can define criteria such as source and destination IPs and port numbers for a "test" packet, as if to ask the firewall, "What would happen if a packet that looked like this came through this device?"  You will see information such as what policy the packet would match, if it would be permitted or denied, etc.

     

    You can find more information under Chapter 6 in the Junos Security Admin Guide.  If you're running 10.3 or newer (and you probably should be on 10.4R4 or R5 as that's the recommended release) you can just try it out and see how it works.
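As an added example (not code from the thread or from Juniper), here is a small parser for the RT_FLOW_SESSION_CREATE / RT_FLOW_SESSION_DENY lines discussed in replies 5 and 8, run over constructed sample lines written in the key="value" structured-syslog style; the key names (source-address, policy-name, ...) are assumed from memory of that format, not taken from the thread. It filters on the exact policy-name field, which avoids the false hits a substring filter like "| match Permit-Web-Traffic" would give for a policy named "Permit-Web-Traffic-Old", and counts denied sessions per source.

```python
import re
from collections import Counter

# Constructed sample syslog lines in the structured-data style an SRX can emit.
# The field names are an assumption about that format, not copied from the thread.
SAMPLE_LOG = """\
<14>1 2011-07-13T01:38:00 srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="10.1.1.20" source-port="51000" destination-address="203.0.113.10" destination-port="80" service-name="junos-http" policy-name="Permit-Web-Traffic" source-zone-name="trust" destination-zone-name="untrust" session-id-32="4001"]
<14>1 2011-07-13T01:38:01 srx RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36 source-address="10.1.1.21" source-port="51001" destination-address="203.0.113.10" destination-port="23" service-name="junos-telnet" protocol-id="6" policy-name="default-deny" source-zone-name="trust" destination-zone-name="untrust"]
<14>1 2011-07-13T01:38:02 srx RT_FLOW - RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.36 source-address="10.1.1.22" source-port="51002" destination-address="203.0.113.11" destination-port="443" service-name="junos-https" policy-name="Permit-Web-Traffic-Old" source-zone-name="trust" destination-zone-name="untrust" session-id-32="4002"]
<14>1 2011-07-13T01:38:03 srx RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36 source-address="10.1.1.20" source-port="51003" destination-address="203.0.113.12" destination-port="445" service-name="junos-smb" protocol-id="6" policy-name="default-deny" source-zone-name="trust" destination-zone-name="untrust"]
"""

# Event name, then the bracketed structured-data block after the "junos@..." SD-ID.
EVENT_RE = re.compile(r"(RT_FLOW_SESSION_(?:CREATE|DENY|CLOSE))\s+\[[^ ]+ (.*)\]")
# One key="value" pair inside the structured-data block.
KV_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_flow_events(text):
    """Return one dict per RT_FLOW session line; non-flow lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = dict(KV_RE.findall(m.group(2)))
        fields["event"] = m.group(1)
        events.append(fields)
    return events


def sessions_for_policy(events, policy):
    """Exact match on the policy-name field (a substring filter would also
    return 'Permit-Web-Traffic-Old' when asked for 'Permit-Web-Traffic')."""
    return [e for e in events if e.get("policy-name") == policy]


def denies_by_source(events):
    """Count RT_FLOW_SESSION_DENY events per source address, a quick view of
    which hosts are repeatedly hitting a deny policy."""
    return Counter(e["source-address"] for e in events
                   if e["event"] == "RT_FLOW_SESSION_DENY")


if __name__ == "__main__":
    evts = parse_flow_events(SAMPLE_LOG)
    for e in sessions_for_policy(evts, "Permit-Web-Traffic"):
        print(e["event"], e["source-address"], "->", e["destination-address"], e["service-name"])
    print(denies_by_source(evts))
```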