SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Troubleshooting Network Spikes from the SRX

    Posted 04-06-2018 05:21

    My office network connects as below. I see a lot of intermediate network spikes to the internet. I suspect one of the servers is doing this. Is there a way I can pull this traffic from the SRX firewall and find out which server is doing this?

     

    Servers==Core Switch==SRXFirewall==MX Router==Internet



  • 2.  RE: Troubleshooting Network Spikes from the SRX
    Best Answer

    Posted 04-14-2018 08:33

    show security flow session

     

    will give you the active sessions if you can get on during the event. These include data on the packet flow for the sessions.

     

    You can also restrict this using source-prefix if you want to narrow in on suspected targets.

     



  • 3.  RE: Troubleshooting Network Spikes from the SRX

    Posted 04-14-2018 11:43

    Besides the on-box "show security flow session" that Steve mentioned, you might use NetFlow for this.

    Setting up a simple NetFlow analyzer is not a very difficult task. The setup consists of SRX configuration making it send statistical data to the tool (analyzer) running on one of your hosts (might even be your Windows workstation). The SRX setup is quite simple. There are some free NetFlow analyzers out there you can use. (I use SolarWinds).

     

    Regards,

    Pawel Mazurkiewicz
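
Added example, not part of the thread and not Juniper's code: one way to turn a session-table capture taken during a spike into a per-server byte ranking. It assumes the In/Out wing line layout shown in the constructed sample below; the name `top_talkers` and all addresses, interfaces and counters are invented for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `show security flow session` output.
SAMPLE = """\
Session ID: 1101, Policy name: trust-to-untrust/4, Timeout: 1792, Valid
  In: 10.10.1.21/51514 --> 198.51.100.7/443;tcp, If: ge-0/0/1.0, Pkts: 9120, Bytes: 611040
  Out: 198.51.100.7/443 --> 203.0.113.2/18211;tcp, If: ge-0/0/0.0, Pkts: 15210, Bytes: 21902400
Session ID: 1102, Policy name: trust-to-untrust/4, Timeout: 58, Valid
  In: 10.10.1.35/40022 --> 192.0.2.53/53;udp, If: ge-0/0/1.0, Pkts: 60, Bytes: 4200
  Out: 192.0.2.53/53 --> 203.0.113.2/9044;udp, If: ge-0/0/0.0, Pkts: 60, Bytes: 18800
Session ID: 1103, Policy name: trust-to-untrust/4, Timeout: 1800, Valid
  In: 10.10.1.21/51990 --> 198.51.100.9/80;tcp, If: ge-0/0/1.0, Pkts: 12, Bytes: 1000
  Out: 198.51.100.9/80 --> 203.0.113.2/18300;tcp, If: ge-0/0/0.0, Pkts: 14, Bytes: 2000
Total sessions: 3
"""

# Direction, source address, protocol and byte counter of one wing line.
WING = re.compile(
    r"^\s*(In|Out):\s+(\S+?)/\d+\s+-->\s+\S+?/\d+;(\S+?),.*?Bytes:\s*(\d+)"
)


def top_talkers(text, limit=5):
    """Sum In and Out wing bytes per session initiator, largest first.

    The initiator is the source of the In wing (the pre-NAT address), so
    return traffic on the Out wing is charged to the host that opened
    the session.
    """
    totals = defaultdict(int)
    initiator = None
    for line in text.splitlines():
        if line.startswith("Session ID:"):
            initiator = None  # new session block, forget the previous host
            continue
        m = WING.match(line)
        if not m:
            continue
        direction, src, _proto, nbytes = m.groups()
        if direction == "In":
            initiator = src
        if initiator is not None:
            totals[initiator] += int(nbytes)
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:limit]


if __name__ == "__main__":
    for host, nbytes in top_talkers(SAMPLE):
        print(f"{host:15} {nbytes:>12} bytes")
```

The byte counters are per session and only cover sessions present in the table when the capture is taken, so the ranking reflects what is active during the event rather than traffic history.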