SRX Services Gateway
Highlighted
SRX Services Gateway

SRX320, apps and graphs

[ Edited ]
‎01-10-2020 07:56 AM

I'm testing features of the SRX to see if it can provide us an alternative to our current router selection.

 

System is up and running,  consisting of a vSRX with trial licenses, Sky enterprise, and i already blocked some things like Linkedin and Youtube as a test.

(I have a physical SRX320 too, but no special licenses to play with it)

 

Anyway, we love graphs, as bandwith is often very limited.

If I open sky enterprise, and go to the device -> interface graps, there's a nice bandwith graph, but "apptrack data" remains empty.

 

On the web interface of the SRX itself, the graps regarding apps do not get filled with data either. I assume this is because it's based upon "app firewall" which is not longer being used?

 

The only way I get a good view on apps and their usage is in monitor -> secuity services -> app tracking.

Shows me a list of apps and their sessions, KB, and % of total. Pretty much the things we're looking for.

(would also love to visualize app bandwith against time. to see if a certain website or app is saturating the line)

 

Is there any way of getting this info into sky enterprise?

I've been reading about the log settings and streaming the files to an external location. But no option to have it added to Sky Enterprise.

 

Bit by bit i'm getting furter, but there's quite a learning curve before everything works. Licenses and their functions are also a bit confusing.

For example, junos:youtube and junos:linkedin in the dynamic application filter do work directly. But junos:openvpn did not. Even adding a custom app with udp and external port 1194 as a filter did not catch it somehow.

 

 

 

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: SRX320, apps and graphs

‎01-10-2020 08:34 AM

Hi!

Firstly, here is your SkyEnterprise one stop techie shop! https://www.juniper.net/documentation/product/en_US/juniper-sky-enterprise

Now onto the task at hand!

Basically, SkyEnterprise is a cut down version of on-premise JunOS Space and JunOS Security Director in the cloud.

AppTrack Analyzes application data and classifies it based on risk level, zones, source and destination addresses. Tracks application usage to identify high-risk applications and analyze traffic patterns, improving network management and
control. It will be empty because there isn't any high-risk apps or traffic patterns identified I would assume.

I think that answers everything, if there is anything else reply and let me know 🙂

 

KR
Adam

~~~~~~~~~~~~~~~~~~~~~~~
- Please Kudos if you found my response helpful
- Please accept my response as a 'Accepted Solution' if it solved your query
Highlighted
SRX Services Gateway

Re: SRX320, apps and graphs

‎01-12-2020 11:30 PM

Thanks Adam,

 

Well there are no virusses running around AFAIK, as only my Laptop is connected. And I havn't set up a lot of filtering yet. But on the j-web I've got this attached graph for example, and I hoped the Skyenterprise could show similair graphs. As it pretty much shows us where the bandwith is being used for.

 

IIRC those graphs are based on the traffic logs, which eventually can be streamed to a external server for analysis. Maybe that's the best way for in-depth analysis of traffic.  But a quick view in Sky Enterprise would be nice.

Attachments

Highlighted
SRX Services Gateway

Re: SRX320, apps and graphs

‎01-13-2020 03:33 AM

Hi Ferry,

 

Oh, I see where you are coming from here and to be fair I'm a little stumped here too. As the data is being collected and displayed in JWEB on the vSRX and somehow isn't getting pushed to SkyEnterprise despite the data being collected and the devices are in SkyEnterprsie...

 

I've searched the TechDocs and KBs with nothing here about manually having to push AppSecure or any of the parts within AppSec into SkyEnt to enable to data to stream...

 

I'm going to have to unfortunately bow out here and leave it to more SkyEnt knowledgable people or ask you to go to JTAC as this seems to be a potential backend issue.

 

KR
Adam

~~~~~~~~~~~~~~~~~~~~~~~
- Please Kudos if you found my response helpful
- Please accept my response as a 'Accepted Solution' if it solved your query
Feedback