ScreenOS Firewalls (NOT SRX)

Traffic flow analysis on SSG 140

02-15-2009 04:27 PM

Hi,

I am looking for a way to monitor traffic flows passing through SSG 140 (like Cisco Netflow, JUNOS Jflow).

As I learned from the KB, J-flow is not running on ScreenOS, but is there any other way to figure out who is consuming the most bandwidth on the untrust interface?

Thanks

10 REPLIES
Re: Traffic flow analysis on SSG 140

02-19-2009 06:31 AM

Hi,

I just came across the same issue. I found an option for real time traffic monitoring from SolarWinds:

http://www.solarwinds.com/products/orion/nta/index.aspx

I still have issues configuring it but this should work.

Is it possible to install JUNOS on an SSG140?

Re: Traffic flow analysis on SSG 140

02-19-2009 06:42 AM
JUNOS will not run on an SSG140
Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Re: Traffic flow analysis on SSG 140

02-19-2009 06:58 AM

Hi,

So without external solutions is there any way to get J-flow from an SSG140?

Re: Traffic flow analysis on SSG 140

02-19-2009 07:04 AM
J-Flow is not supported on ScreenOS at all.
Kevin Barker

Re: Traffic flow analysis on SSG 140

02-19-2009 07:06 AM
Thanks,

Re: Traffic flow analysis on SSG 140

02-19-2009 07:12 AM

Hi,

Muttbarker, is there any other way to monitor real time traffic flow on an SSG140 without relying on 3rd party sw? (top talkers, real time traffic stats, etc.)

Message Edited by AT-SA on 02-19-2009 07:28 AM

Re: Traffic flow analysis on SSG 140

02-19-2009 07:51 AM

Well - one solution that comes to mind (besides buying NSM or STRM) - you could configure a policy for the traffic you care about. You could then enable session logging which would push the flows to the Syslog and then you could parse that out with a report writing tool.

Kevin Barker

Re: Traffic flow analysis on SSG 140

02-19-2009 02:30 PM

The Solarwinds Traffic analyzer is a great tool, but it requires Netflow or Jflow running on a router/firewall/MLS etc.

If I guess correctly, the analyzer simply pulls the data stored on the Netflow/Jflow devices and displays it in a graphic style; there are plenty of products that can do that. E.g., if you can capture what you need using Wireshark, you can display it in a graph with ClearSight or some other products.

At this stage, the only solution I can think of is a network tap.

Re: Traffic flow analysis on SSG 140

12-04-2009 06:07 PM

I just found a piece of software (www.sawmill.net) that pretends to be able to read and analyse Networks NetScreen Traffic format... I'll check it out soon...

Re: Traffic flow analysis on SSG 140

12-06-2009 05:35 PM

Cannot understand your part saying: configure a policy, and like mirroring the traffic into the syslog server. Is it possible to set up an example?

Thanks for any info.
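
Added example, not part of any post in this thread: one way to do the parsing step of the session-logging suggestion above, ranking source IPs by bytes from traffic-log lines that a syslog server has collected. The log layout, field names and sample lines are constructed assumptions, not output captured from a real SSG 140.

```python
import re
from collections import Counter

# Constructed sample data, modelled on ScreenOS traffic-log syslog messages.
# The "(traffic)" tag and field names (policy_id, sent, rcvd, src, dst) are
# assumptions about the format; compare them with what your SSG really sends.
HDR = "Feb 19 07:51:02 fw1 ssg140: NetScreen device_id=ssg140 [Root]"
TRAFFIC = HDR + 'system-notification-00257(traffic): start_time="2009-02-19 07:50:58" '
ZONES = "src zone=Trust dst zone=Untrust action=Permit "
SAMPLE_LINES = [
    TRAFFIC + "policy_id=5 " + ZONES + "sent=1250 rcvd=48210 src=192.168.1.20 dst=203.0.113.7",
    TRAFFIC + "policy_id=5 " + ZONES + "sent=900 rcvd=2100 src=192.168.1.35 dst=198.51.100.9",
    TRAFFIC + "policy_id=5 " + ZONES + "sent=3000 rcvd=910000 src=192.168.1.20 dst=203.0.113.7",
    TRAFFIC + "policy_id=7 " + ZONES + "sent=500000 rcvd=1200 src=192.168.1.77 dst=198.51.100.44",
    HDR + "constructed non-traffic message, ignored by the parser",
    TRAFFIC + "policy_id=5 " + ZONES + "sent=12",  # truncated record
]

FIELD_RE = re.compile(r'\b(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Return the key=value fields of one traffic-log line, or None."""
    if "(traffic)" not in line:
        return None  # other syslog messages (system events, alarms)
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if not {"src", "dst", "sent", "rcvd"} <= fields.keys():
        return None  # truncated record
    try:
        fields["bytes"] = int(fields["sent"]) + int(fields["rcvd"])
    except ValueError:
        return None  # non-numeric counters: malformed record
    return fields

def top_talkers(lines, n=3, policy_id=None):
    """Rank source IPs by sent+rcvd bytes, optionally for one policy only."""
    totals = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if policy_id is not None and rec.get("policy_id") != str(policy_id):
            continue
        totals[rec["src"]] += rec["bytes"]
    return totals.most_common(n)

if __name__ == "__main__":
    for ip, total in top_talkers(SAMPLE_LINES):
        print(f"{ip:15} {total:>10} bytes")
```

Only sessions matched by a policy with logging enabled appear in the syslog, so the ranking covers just the traffic those policies see.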