Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  vSRX

    Posted 09-12-2021 22:51
    Edited by Juniper Community Admin 09-22-2021 14:49
    Hi!
    Does vSRX support gRPC telemetry?
    With show version, I see there is OpenConfig!
    "user@vsrx> show version | match "Openconfig|na\ telemetry"
    JUNOS na telemetry [21.2R1.10]
    JUNOS Openconfig [21.2R1.10]"

    Has anyone tried it?
    I tried but it does not work.

    Thanks


  • 2.  RE: vSRX

    Posted 09-13-2021 09:20
    It should be supported as per the feature navigator, https://apps.juniper.net/home/vsrx/features?swName=vSRX&rel=21.2R1.

    Elvin


  • 3.  RE: vSRX

    Posted 09-14-2021 14:54
    Edited by emacdermid 09-22-2021 14:42
    But, it does not work!

    "
    Sep 14 17:47:26 17:47:25.983271:CID-0:THREAD_ID-01:LSYS_ID-00:RT:check self-traffic on ge-0/0/0.0, in_tunnel 0x0 dp 32767
    Sep 14 17:47:26 17:47:25.983273:CID-0:THREAD_ID-01:LSYS_ID-00:RT:pak_for_self: No handler function found for proto:6, dst-port:32767, drop pkt
    Sep 14 17:47:26 17:47:25.983284:CID-0:THREAD_ID-01:LSYS_ID-00:RT: flow_first_in_dst_nat: in <ge-0/0/0.0>, out <N/A> dst_adr 10.199.88.254, sp 33814, dp 32767
    Sep 14 17:47:42 17:47:42.110852:CID-0:THREAD_ID-01:LSYS_ID-00:RT:~~~FLOW <10.10.10.216/33814->10.199.88.254/32767;6,0x0> of root-logical-system for iif ge-0/0/0.0:
    Sep 14 17:47:42 17:47:42.110869:CID-0:THREAD_ID-01:LSYS_ID-00:RT: ge-0/0/0.0:10.10.10.216/33814->10.199.88.254/32767, tcp, flag 2 syn
    Sep 14 17:47:42 17:47:42.110871:CID-0:THREAD_ID-01:LSYS_ID-00:RT: find flow: table 0x2aa75480, hash 50070(0xffff), sa 10.10.10.216, da 10.199.88.254, sp 33814, dp 32767, proto 6, tok 24, conn-tag 0x00000000, vrf-grp-id 0
    "
    Traffic is coming in on the vSRX but it is dropped; I don't understand why.
    The security zone trust, to which ge-0/0/0 belongs, I configured as:
    security-zone trust {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
        interfaces {
            ge-0/0/0.0;
        }
    }

    This is only a lab environment!

    /Mohammed
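
Added example, not part of the original posts: a small Python triage script that reads flow-trace output like the lines quoted in post 3 and reports which self-destined flows were dropped because no handler was found for the destination port. The function names (`summarize`, `unhandled_flows`) are hypothetical, and the sample input is copied from the trace lines in the post.

```python
import re
from collections import Counter

# Flow-trace lines copied from post 3 above.
SAMPLE = """\
Sep 14 17:47:26 17:47:25.983271:CID-0:THREAD_ID-01:LSYS_ID-00:RT:check self-traffic on ge-0/0/0.0, in_tunnel 0x0 dp 32767
Sep 14 17:47:26 17:47:25.983273:CID-0:THREAD_ID-01:LSYS_ID-00:RT:pak_for_self: No handler function found for proto:6, dst-port:32767, drop pkt
Sep 14 17:47:26 17:47:25.983284:CID-0:THREAD_ID-01:LSYS_ID-00:RT: flow_first_in_dst_nat: in <ge-0/0/0.0>, out <N/A> dst_adr 10.199.88.254, sp 33814, dp 32767
Sep 14 17:47:42 17:47:42.110852:CID-0:THREAD_ID-01:LSYS_ID-00:RT:~~~FLOW <10.10.10.216/33814->10.199.88.254/32767;6,0x0> of root-logical-system for iif ge-0/0/0.0:
"""

SELF_CHECK = re.compile(r"RT:\s*check self-traffic on (?P<ifl>\S+),")
NO_HANDLER = re.compile(
    r"pak_for_self: No handler function found for "
    r"proto:(?P<proto>\d+), dst-port:(?P<port>\d+), drop pkt")
FLOW = re.compile(
    r"FLOW <(?P<src>[\d.]+)/(?P<sp>\d+)->(?P<dst>[\d.]+)/(?P<dp>\d+);(?P<proto>\d+),")

def summarize(text):
    """Return (drops, flows).

    drops: Counter keyed by (ingress interface, protocol, dst port) for each
           'No handler function found' line; the interface is taken from the
           most recent 'check self-traffic' line.
    flows: set of (src, dst, dst port, protocol) from '~~~FLOW' headers.
    """
    drops, flows, last_ifl = Counter(), set(), None
    for line in text.splitlines():
        if m := SELF_CHECK.search(line):
            last_ifl = m["ifl"]
        elif m := NO_HANDLER.search(line):
            drops[(last_ifl, int(m["proto"]), int(m["port"]))] += 1
        elif m := FLOW.search(line):
            flows.add((m["src"], m["dst"], int(m["dp"]), int(m["proto"])))
    return drops, flows

def unhandled_flows(text):
    """Flows whose (protocol, dst port) matches a 'no handler' drop."""
    drops, flows = summarize(text)
    dropped = {(proto, port) for (_ifl, proto, port) in drops}
    return sorted(f for f in flows if (f[3], f[2]) in dropped)

if __name__ == "__main__":
    for src, dst, port, proto in unhandled_flows(SAMPLE):
        print(f"{src} -> {dst} proto {proto} port {port}: dropped, no handler")
```
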