SRX Services Gateway

Troubleshooting Network Spikes from the SRX

‎04-06-2018 05:20 AM

My office network connects as below. I see a lot of intermediate network spikes to the internet. I suspect one of the servers is doing this. Is there a way I can pull this traffic from the SRX firewall and find out which server is doing this?

 

Servers==Core Switch==SRXFirewall==MX Router==Internet

2 REPLIES 2
Solution
Accepted by topic author Kchange07
‎04-18-2018 04:07 AM

Re: Troubleshooting Network Spikes from the SRX

‎04-14-2018 08:32 AM

show security flow session

 

will give you the active sessions if you can get on during the event.  These include data on the packet flow for the sessions.

 

You can also restrict this using source-prefix if you want to narrow in on suspected targets.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
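
An added example, not part of the original reply: one way to rank internal hosts by session byte counters from saved "show security flow session" output. The sample text is constructed and its field layout is an assumption (it varies between Junos releases); top_talkers and WING are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample laid out like "show security flow session" output.
# Assumption: each session has an "In:" and an "Out:" wing ending in "Bytes: N,".
SAMPLE = """\
Session ID: 1001, Policy name: trust-to-untrust/4, Timeout: 1788, Valid
  In: 10.10.1.20/51514 --> 203.0.113.50/443;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 91234, Bytes: 120456789,
  Out: 203.0.113.50/443 --> 198.51.100.2/23001;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 40211, Bytes: 2412660,
Session ID: 1002, Policy name: trust-to-untrust/4, Timeout: 1792, Valid
  In: 10.10.1.20/51530 --> 203.0.113.51/443;tcp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 4100, Bytes: 5000000,
  Out: 203.0.113.51/443 --> 198.51.100.2/23002;tcp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 2000, Bytes: 100000,
Session ID: 1003, Policy name: trust-to-untrust/4, Timeout: 58, Valid
  In: 10.10.1.35/40112 --> 192.0.2.53/53;udp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 1, Bytes: 84,
  Out: 192.0.2.53/53 --> 198.51.100.2/23003;udp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 200,
Total sessions: 3
"""

# Captures: wing direction, source address (port stripped), byte counter.
WING = re.compile(r"^\s*(In|Out):\s+(\S+)/\d+\s+-->.*?Bytes:\s*(\d+)")

def top_talkers(text, limit=5):
    """Sum per-session byte counters, keyed by the host that opened the session."""
    totals = defaultdict(lambda: {"sessions": 0, "sent": 0, "received": 0})
    initiator = None
    for line in text.splitlines():
        if line.startswith("Session ID:"):
            initiator = None          # new session block, forget the previous host
            continue
        m = WING.match(line)
        if not m:
            continue                  # skips headers, "Total sessions", blank lines
        wing, src, nbytes = m.group(1), m.group(2), int(m.group(3))
        if wing == "In":
            initiator = src
            totals[src]["sessions"] += 1
            totals[src]["sent"] += nbytes
        elif initiator is not None:   # Out wing: return traffic for the same session
            totals[initiator]["received"] += nbytes
    ranked = sorted(totals.items(),
                    key=lambda kv: kv[1]["sent"] + kv[1]["received"], reverse=True)
    return ranked[:limit]

if __name__ == "__main__":
    for host, t in top_talkers(SAMPLE):
        print(f"{host:15} sessions={t['sessions']} sent={t['sent']} received={t['received']}")
```

The byte counters are totals for the life of each session, so comparing two captures taken a short time apart shows which host is growing fastest during a spike.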

Re: Troubleshooting Network Spikes from the SRX

‎04-14-2018 11:42 AM

Besides the on-box "show security flow session" that Steve mentioned, you might use NetFlow for this.

Setting up a simple NetFlow analyzer is not a very difficult task. The setup consists of SRX configuration making it send statistical data to the tool (analyzer) running on one of your hosts (it might even be your Windows workstation). The SRX setup is quite simple. There are some free NetFlow analyzers out there you can use. (I use Solarwinds.)

 

Regards,

Pawel Mazurkiewicz
