SRX


How can I get the sessions table quickly?

  • 1.  How can I get the sessions table quickly?

    Posted 06-21-2018 02:14

    Hi guys,


    The customer would like to have a global and complete view of the network flows managed by an SRX firewall. To do that, I thought of getting the sessions table periodically for a long period of time, for example one month, and then providing him with a good Excel document with all sessions (source IP, destination IP, protocol and port), except the duplicates of course.


    If I use the "show security flow session node xx" command, the output doesn't finish; there are too many connections. The "show security flow session node xx summary" command tells me that there are around 68.000 connections in use!


    Is there a way to get the session table of this firewall quickly without using the "security flow session" command and without forcing the CPU? The customer manages each firewall through JunOS SPACE. Can SPACE help me to reach my goal?

     

    Let me know. Thanks 😉



  • 2.  RE: How can I get the sessions table quickly?

     
    Posted 06-21-2018 19:06

    Hello,

     

    Try dumping the session table output locally using the command below:

     

    show security flow session | save /var/tmp/session-dump-1.txt

     

    Regards,

     

    Rushi
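
Once dumps saved this way are copied off the firewall, the deduplication asked for in the first post can be done offline, away from the SRX CPU. The script below is an added example, not code from any poster or from Juniper; it assumes the usual "In: src/sport --> dst/dport;proto" session line layout, and the sample dumps are constructed.

```python
import csv
import io
import re

# Assumed line layout: "In: <src>/<sport> --> <dst>/<dport>;<proto>, If: ...".
# Only the "In:" wing is read; "Out:" is the same flow seen in reverse.
IN_WING = re.compile(
    r"^\s*In:\s+([0-9A-Fa-f.:]+)/\d+\s+-->\s+([0-9A-Fa-f.:]+)/(\d+);([\w-]+)")

def unique_flows(lines, seen=None):
    """Add (src, dst, proto, dport) tuples from one dump to `seen`."""
    seen = set() if seen is None else seen
    for line in lines:
        m = IN_WING.match(line)
        if m:
            src, dst, dport, proto = m.groups()
            # For ICMP the "port" fields are not ports, so collapse them.
            seen.add((src, dst, proto, 0 if proto.startswith("icmp") else int(dport)))
    return seen

def to_csv(flows):
    buf = io.StringIO()
    out = csv.writer(buf, lineterminator="\n")
    out.writerow(["source_ip", "destination_ip", "protocol", "destination_port"])
    out.writerows(sorted(flows))
    return buf.getvalue()

# Constructed sample dumps (documentation addresses), not real device output.
DUMP_1 = """\
Session ID: 1001, Policy name: allow-web/5, Timeout: 1794, Valid
  In: 10.1.1.10/51544 --> 192.0.2.20/443;tcp, If: ge-0/0/1.0, Pkts: 12, Bytes: 1840
  Out: 192.0.2.20/443 --> 10.1.1.10/51544;tcp, If: ge-0/0/0.0, Pkts: 10, Bytes: 6120
Session ID: 1002, Policy name: allow-web/5, Timeout: 1790, Valid
  In: 10.1.1.10/51560 --> 192.0.2.20/443;tcp, If: ge-0/0/1.0, Pkts: 8, Bytes: 900
  Out: 192.0.2.20/443 --> 10.1.1.10/51560;tcp, If: ge-0/0/0.0, Pkts: 7, Bytes: 4100
Total sessions: 2
"""
DUMP_2 = """\
Session ID: 2001, Policy name: allow-dns/7, Timeout: 58, Valid
  In: 10.1.1.11/40000 --> 198.51.100.53/53;udp, If: ge-0/0/1.0, Pkts: 1, Bytes: 70
  Out: 198.51.100.53/53 --> 10.1.1.11/40000;udp, If: ge-0/0/0.0, Pkts: 1, Bytes: 130
Session ID: 2002, Policy name: allow-web/5, Timeout: 1800, Valid
  In: 10.1.1.10/51700 --> 192.0.2.20/443;tcp, If: ge-0/0/1.0, Pkts: 3, Bytes: 200
  Out: 192.0.2.20/443 --> 10.1.1.10/51700;tcp, If: ge-0/0/0.0, Pkts: 2, Bytes: 160
"""

if __name__ == "__main__":
    flows = unique_flows(DUMP_2.splitlines(), unique_flows(DUMP_1.splitlines()))
    print(to_csv(flows))
```

Passing the same set through every periodic dump keeps one row per source, destination, protocol and destination port, however many times a flow recurs over the month.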



  • 3.  RE: How can I get the sessions table quickly?

    Posted 06-22-2018 06:11

    I tried to follow your tip, but unfortunately it didn't solve the issue. The SRX firewall can't write the sessions to the document quickly, and when it writes, there is high CPU utilization.

     

    I'm studying the widgets available in JunOS SPACE, but unfortunately I don't have the privileges to see the sessions information. I must talk with the customer about this.

     

    Any other alternatives to get the sessions table quickly? On this point, Check Point is much quicker than Juniper.



  • 4.  RE: How can I get the sessions table quickly?

     
    Posted 06-22-2018 17:01

    Hi 

     

    Have you checked the on-box reporting feature on SRX? Check the link below for more details.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/security-on-box-reporting-understanding.html

     

    Check if your platform/running Junos supports this nice feature. It also depends on the quantity of logs generated due to new sessions, so database table rotation is used to replace the oldest logs when the maximum record number has been reached; the limit is device specific.

    Regards

    Red1



  • 5.  RE: How can I get the sessions table quickly?

    Posted 06-21-2018 20:30

    Hi Andrea,

     

    Junos Space - SD is one of the coolest things that Juniper built. You can check the real-time logs of your SRX in JSpace.

    Especially if you have IPS/AppSecure/UTM, the report dashboard is awesome.

     

    You can even enable Application Volume Tracking to also monitor the most common applications they're using.

    For more detailed info: https://www.juniper.net/documentation/en_US/junos-space16.1/topics/concept/junos-space-overview-dashboard.html

     

    Hope this helps.