SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 12-29-2011 07:52

    In previous versions of code I was able to obtain data from the "jnxJsPolicies" (oid=1.3.6.1.4.1.2636.3.39.1.4) portion of the SRX MIB.  This data seems to no longer be available in 11.4R1.6.  I was specifically getting data from the jnxJsPolicyStatsTable (oid= 1.3.6.1.4.1.2636.3.39.1.4.1.1.3).  Is there now a setting that prevents this data from being made available automatically?  Can it be enabled?

     

    Policy Mib: http://www.juniper.net/techpubs/en_US/junos11.4/topics/concept/mib-policy-objects-junos-overview.html

     

    PolicyStatsTable: http://www.juniper.net/techpubs/en_US/junos11.4/topics/reference/general/jnxjspolicystatstable-nm-mib.html



  • 2.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 12-29-2011 08:51

    So the second link for the jnxJsPolicyStatsTable contains this statement:

     

    "jnxJsPolicyStatsTable, whose object ID is {jnxJsPolicyObjects 3}, exposes the security policy statistics entries listed in Table 1. These statistics can be enabled and disabled by configuration on a per-policy basis."

     

    ...but I can't find any command on a per-policy basis to support this.  Anyone?



  • 3.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-04-2012 07:52

    Additional information...

     

    I also noted that the mib information is not available directly from the CLI:

     

    admin@srx100h> show snmp mib walk decimal .1.3.6.1.4.1.2636.3.39.1.4



  • 4.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 03-31-2012 11:28

    Bump!

     

    Anyone, this is still not availalbe in 12.1R1.9 or am I misreading the documentation?  Can anyone confirm the same behaviour.



  • 5.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 10-14-2012 20:22

    I was missing the BGP4 MIB with 11.4R3 but restarting the SNMP daemon fixed the issue for me.

     

    > restart snmp

     

     



  • 6.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-18-2013 10:37

    I have run into the same issue on my SRXs. I am running 11.4:

     

    show snmp mib walk 1.3.6.1.4.1.2636.3.39.1.4

     

    This command returns no results. I would expect to see everything in teh jnxJsPolicies mib tree.
     Does anyone know how to enable this MIB, or perhaps update the firewalls MIB?

     

    Thanks in Advance!

     

     



  • 7.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-18-2013 11:08

    Would be nice, but I haven't yet found a solution.  I'm now running 12.1R4.7 and this MIB is still unavailable.



  • 8.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-18-2013 11:26

    Is there a way to refresh the supported MIBs on a SRX?



  • 9.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-21-2013 14:35

    Bumped - Hopefully we can get an answer on why they are missing. I looked in the docs and they should be available.



  • 10.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6
    Best Answer

    Posted 01-21-2013 15:03

    Found answer:

     

    Juniper changed how policy SNMP lookups work with logical systems after 11.2. See this KB article: KB23155

    The fix is to take your SNMP read community string and add "default@" in front of it. For example default@public. This is for the default logical system.



  • 11.  RE: SNMP MIB Data for Security Policy Missing in 11.4R1.6

    Posted 01-22-2013 06:36

    Awesome it works perfectly on 12.1R4.7.  Glad to know the KB was published on 18-Dec-2012 and hasn't been sitting out there too long!