Logging for blocked traffic

01-08-2009 11:20 AM


I know how to use the monitor traffic command to see which traffic is in for the router J6350.

But if I want to see the traffic passing the firewall do I have to use the tcpdump on the Solaris level?

And how can I see traffic permitted or blocked by the firewall policy?









Based on your last post, I am assuming that you have JUNOS with enhanced services. Monitor traffic will only see traffic to and from the RE side of the J-series. That basically means traffic destined to the router itself. You would not see transit traffic even if you were to drop to shell and use tcpdump. 


You can configure packet-capture, though. This is a feature specifically for J-Series which can let you capture transit traffic in PCAP format. Refer to J-Series Administration Guide for details.


To view policy lookups, etc., you can enable flow traceoptions. You can also enable policy logging. Refer to JUNOS with enhanced services application notes for details on flow traceoptions. Also refer to KB10112 for details on enabling logging on policies.
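
A sketch of the policy logging and flow traceoptions the reply above points to, added here as an example and not taken from the original post, KB10112 or the Juniper application notes. The zone names, policy names, file names and addresses are placeholders, and it assumes a release that tags session logs with `RT_FLOW_SESSION`.

```junos
# Constructed example: zone, policy and file names are placeholders.

# Log permitted sessions on an existing permit policy when they close.
set security policies from-zone trust to-zone untrust policy allow-web then log session-close

# Explicit catch-all deny so blocked traffic is logged instead of
# being dropped silently by the default policy.
set security policies from-zone trust to-zone untrust policy deny-all match source-address any
set security policies from-zone trust to-zone untrust policy deny-all match destination-address any
set security policies from-zone trust to-zone untrust policy deny-all match application any
set security policies from-zone trust to-zone untrust policy deny-all then deny
# Denied traffic never builds a session, so log at session-init.
set security policies from-zone trust to-zone untrust policy deny-all then log session-init

# Write the resulting session log messages to a local file.
set system syslog file traffic-log any any
set system syslog file traffic-log match RT_FLOW_SESSION

# Flow traceoptions for policy-lookup debugging. The packet filter
# limits the trace to one source/destination pair (documentation
# addresses used here) to keep the load on the device down.
set security flow traceoptions file flow-trace
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter pf1 source-prefix 192.0.2.10/32
set security flow traceoptions packet-filter pf1 destination-prefix 198.51.100.20/32
```

After committing, `show log traffic-log` shows the policy permit and deny entries and `show log flow-trace` shows the per-packet trace. Remove the traceoptions once the troubleshooting is done.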