SRX

 View Only
last person joined: 23 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Expand all | Collapse all

monitor traffic interface and show security flow session destination-prefix command differences?

  • 1.  monitor traffic interface and show security flow session destination-prefix command differences?

    Posted 11-02-2021 19:43
    I have a VPN and when I carry out the show security flow session extensive I see the traffic details from the interface the traffic entered to the nat, policy, route, exit interface, etc and it provide me a great deal of information that I need. 

    To further compliment this I want to also see the traffic from a monitor traffic interface perspective but that I'm not seeing. 

    After running the show security flow I identify the egress interface but I can't see that traffic with the monitor traffic interface. 

    the commands I run

    monitor traffic interface reth0.0

    ------------------------------
    Juan
    ------------------------------


  • 2.  RE: monitor traffic interface and show security flow session destination-prefix command differences?

    Posted 11-02-2021 19:46
    There are two very similar commands depending on the traffic you want to see.  the one you are using is for "self traffic" packets that are starting or ending on the Junos device itself.

    monitor traffic interface

    The other is for transit traffic, that is packets that come in one interface on the Junos device and exit on another one.  This is what you want for your application following a flow.

    monitor interface traffic

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------