SRX Services Gateway

Analyzing traffic between VLANs

‎08-07-2014 05:48 AM

I'm wondering what's the best way to analyze traffic between VLANs on an SRX3600 cluster to get an idea of what traffic is flowing, so that I can build the security policy accordingly. Any hints on how to do that, or perhaps are there any tools you can suggest?

Any feedback is appreciated.

Thank you and have a nice day.


Re: Analyzing traffic between VLANs

‎08-07-2014 12:52 PM

In these situations I generally create an allow-all type policy with logging turned on. Then let it run for a few days and have a look at what the traffic hitting the policy looks like.

From here you can then build specific rules to permit the desired traffic. You then place these rules above the initial allow-all rule.

A few days later you pull the new logs from the allow-all policy and repeat the process to make specific rules.

Once you reach the point where there is either no traffic hitting the allow-all rule or the only traffic hitting the rule is that which you want to deny, you change the action from permit to deny on that rule.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Analyzing traffic between VLANs

‎08-07-2014 10:38 PM

Exactly, that was my intention, but I'm just wondering if there are any tools that can parse the logs and output some sort of summary.


Re: Analyzing traffic between VLANs

‎08-08-2014 02:56 AM

I have just been dumping the logs to Excel and using the data filters and sorting to figure out the ranges and port groupings.

We did look at commercial solutions from AlgoSec, FireMon and Tufin for these types of situations this past year. AlgoSec looked like the best option to our group. But we have not gotten funding for the tool yet.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Analyzing traffic between VLANs

‎08-08-2014 11:19 PM


Hi mz88,

I have not tested this JFLOW feature, but it may help you:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16677

Or enable session logging on the security policy, configure stream-based security logging, and send the logs to a syslog server.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB16509

Based on the logs collected, maybe for a week, extract information using the syslog server and configure the security policy accordingly.


Regards
rparthi
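An added example, not part of any post in this thread: a small Python summarizer for the workflow described above, which groups the session-create logs that hit the temporary allow-all policy into candidate rules ranked by hit count. The field order of `RT_FLOW_SESSION_CREATE` is an assumption to check against your Junos release, and the policy name `ALLOW-ALL`, the zone names and the sample lines are constructed.

```python
import re
from collections import defaultdict

PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}
# Assumed layout (plain syslog format, IPv4 only): src/port->dst/port service
# nat-tuple src-nat-rule dst-nat-rule proto policy src-zone dst-zone ...
SESSION_RE = re.compile(
    r"RT_FLOW_SESSION_CREATE: session created "
    r"(?P<src>[\d.]+)/\d+->(?P<dst>[\d.]+)/(?P<dport>\d+) (?P<service>\S+) "
    r"\S+ \S+ \S+ (?P<proto>\d+) (?P<policy>\S+) (?P<szone>\S+) (?P<dzone>\S+)")

def summarize(lines, policy):
    """Group sessions that hit `policy` into candidate rules, busiest first."""
    flows = defaultdict(lambda: {"hits": 0, "src": set(), "dst": set()})
    unparsed = 0
    for line in lines:
        if "RT_FLOW_SESSION_CREATE" not in line:
            continue                      # closes, denies, unrelated daemons
        m = SESSION_RE.search(line)
        if m is None:
            unparsed += 1                 # surface format drift, don't hide it
            continue
        if m["policy"] != policy:
            continue                      # already matched by a specific rule
        key = (m["szone"], m["dzone"], PROTO.get(m["proto"], m["proto"]),
               int(m["dport"]), m["service"])
        flows[key]["hits"] += 1
        flows[key]["src"].add(m["src"])
        flows[key]["dst"].add(m["dst"])
    ranked = sorted(flows.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return ranked, unparsed

# Constructed sample lines; host, policy and zone names are hypothetical.
_T = ("Aug  7 10:15:01 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created "
      "{0}->{1} {2} {0}->{1} None None {3} {4} {5} {6} 1001 N/A(N/A) reth1.0")
ROWS = [  # src, dst, service, proto, policy, src-zone, dst-zone
    ("10.1.10.25/51234", "10.1.20.10/443", "junos-https", 6, "ALLOW-ALL", "vlan10", "vlan20"),
    ("10.1.10.26/51300", "10.1.20.10/443", "junos-https", 6, "ALLOW-ALL", "vlan10", "vlan20"),
    ("10.1.10.25/40000", "10.1.30.5/53", "junos-dns-udp", 17, "ALLOW-ALL", "vlan10", "vlan30"),
    ("10.1.20.10/33000", "10.1.30.7/1433", "None", 6, "DB-ACCESS", "vlan20", "vlan30"),
]
SAMPLE = [_T.format(*r) for r in ROWS] + [
    "Aug  7 10:15:09 srx RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.10.9/"]

if __name__ == "__main__":
    ranked, unparsed = summarize(SAMPLE, "ALLOW-ALL")
    for (sz, dz, proto, dport, svc), f in ranked:
        print(f["hits"], f"{sz}->{dz} {proto}/{dport} ({svc})", sorted(f["src"]), sorted(f["dst"]))
    print("unparsed session-create lines:", unparsed)
```

A non-zero unparsed count means the regular expression does not match the device's log format (or the traffic is IPv6), so the summary is incomplete and should not yet be used to flip the allow-all rule to deny.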