Security

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  Excessive network consumption - SRX300

    Posted 02-26-2021 12:51
    Hello guys. Okay ?

    I have a problem on my network, there are some users consuming a lot of network traffic, I believe it is a very large download.

    Is there any way to check which ip is performing this excessive consumption?

    ------------------------------
    Leandro Gomes
    SRX300
    ------------------------------


  • 2.  RE: Excessive network consumption - SRX300

     
    Posted 02-28-2021 07:50
    I've not used jweb myself, but there is this visual management tool you can turn on and get some reporting from that may help.

    https://www.juniper.net/documentation/en_US/jweb20.4/information-products/pathway-pages/j-web-security-user-guide.html

    On the cli you main area to look if the issue is active is the session table.
    This will list  the total sessions you have at the moment as a reference
    show security flow summary​

    This lists ALL sessions active if the total is something reasonable.  
    Output includes the current byte size of the session so you can look for unusually high numbers.
    show security flow session 
    
    Session ID: 1, Policy name: self-traffic-policy/1, Timeout: 1798, Valid
      In: 192.168.0.1/2736 --> 192.168.0.20/22;tcp, If: fe-0/0/7.0, Pkts: 273, Bytes: 19082
      Out: 192.168.0.20/22 --> 192.168.0.1/2736;tcp, If: .local..0, Pkts: 204, Bytes: 21677​

    The view of sessions can be limited by source or destination ip addresses or protocol/ports, policies, interfaces or a number of parameters.
    Just add the ? and choose the option that will help investigate.
    show security flow session ?
    Possible completions:
      <[Enter]>            Execute this command
      application          Application protocol name
      application-firewall  Show application-firewall sessions
      application-firewall-rule-set  Show application-firewall session by rule-set
      application-traffic-control  Show application-traffic-control sessions
      application-traffic-control-rule-set  Show application-traffic-control session by rule-set
      brief                Show brief output (default)
      destination-port     Destination port (1..65535)
      destination-prefix   Destination IP prefix or address
      dynamic-application  Dynamic application name
      dynamic-application-group  Dynamic application group name
      encrypted            Show encrypted traffic
      extensive            Show detailed output
      family               Protocol family
      idp                  IDP sessions
      interface            Name of incoming or outgoing interface
      nat                  Sessions with network address translation
      policy-id            Policy id value (1..4294967295)
      protocol             IP protocol number
      resource-manager     Sessions with resource manager
      session-identifier   Show session with specified session identifier
      source-port          Source port (1..65535)
      source-prefix        Source IP prefix or address
      summary              Show output summary
      tunnel               Tunnel sessions



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------