SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  how to check which policy a traffic will match on SRX1400

    Posted 02-04-2015 06:28
    I perform ping 10.10.10.1 source 20.20.20.5 and the traffic will pass through my FW. How can I check which policy the traffic will match? What is more, I see a command like this. My problem is: if I use ping, what are the source port and destination port?

    show security match-policies source-ip 10.10.10.1 destination-ip 20.20.20.5 source_port 1004 destination_port 80 protocol tcp result_count 5


  • 2.  RE: how to check which policy a traffic will match on SRX1400
    Best Answer

     
    Posted 02-04-2015 06:57

    Hello.

    You can use any number for source/destination port number for ICMP. Since ICMP has no port numbers, SRX uses the ICMP sequence# as the port number, which can aid in troubleshooting.

    For example:

    show security match-policies protocol 1 source-ip 10.10.10.1 destination-ip 20.20.20.5 from-zone <zone> to-zone <zone> source-port 1111 destination-port 1111

    Regards,

    Sam 



  • 3.  RE: how to check which policy a traffic will match on SRX1400

    Posted 02-06-2015 00:42

    Thanks a lot