Junos OS

Best Way To Identify Unsuccessful Connections

  • 1.  Best Way To Identify Unsuccessful Connections

    Posted 01-06-2021 09:18

    I just had a quick question. Is it possible to see unsuccessful connections in an SRX345?

    Unsuccessful because the firewall rule to allow them isn't set up, and then filter those by destination IP if you knew it.

    I had an issue which Microsoft helped fix. I was getting intermittent 502 errors because I hadn't included 1 of 2 IPs in the firewall rules. MS were able to easily spot it with the extra logging tools they have their end.

    So I was wondering if it was something I could spot as well.

    From on-prem to Azure

    Allowed: 10.1.1.5

    Was Blocked: 10.1.1.7



  • 2.  RE: Best Way To Identify Unsuccessful Connections
    Best Answer

    Posted 01-06-2021 11:21
    Try this: 

    set security flow traceoptions file <filename>
    set security flow traceoptions flag basic-datapath
    set security flow traceoptions packet-filter ....

    https://kb.juniper.net/InfoCenter/index?page=content&id=kb16110

    Regards, 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------
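
The procedure from the best answer, written out for the blocked destination 10.1.1.7 from the question. This is an added example, not part of either post; the trace file name `flow-trace`, the filter name `PF-AZURE`, and the file size and count are assumptions.

```junos
# Added example. Lines starting with "#" are annotations, not commands.
# Assumed names: trace file "flow-trace", packet filter "PF-AZURE".

# Configuration mode: trace only packets destined for the blocked address,
# and cap the trace file so it cannot fill the device storage.
set security flow traceoptions file flow-trace size 1m files 3
set security flow traceoptions flag basic-datapath
set security flow traceoptions packet-filter PF-AZURE destination-prefix 10.1.1.7/32
commit

# Operational mode: reproduce the failing connection, then read the trace.
show log flow-trace | match 10.1.1.7
show log flow-trace | last 200

# Configuration mode: flow tracing adds load to the device, so switch it
# off once the trace has been captured.
deactivate security flow traceoptions
commit

# Operational mode: empty the trace file before the next capture.
clear log flow-trace
```

The `match` output shows which packets hit the filter; the lines that follow each of them in the full trace show how the flow module handled that packet, including the policy lookup.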