SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Filter created on SRX is not writing file

    Posted 14 days ago

    (I posted this in Security before I found this community. Sorry for the cross-posting.)

    I checked out videos and docs on the Juniper support site and came up with these settings. (Hiding the real IPs.)

    set firewall filter Rims_Filter term 1 from source-address xxx.xxx.xxx.xxx/32
    set firewall filter Rims_Filter term 1 from destination-address yyy.yyy.yyy.yyy/32
    set firewall filter Rims_Filter term 1 then sample
    set firewall filter Rims_Filter term 1 then accept
    set firewall filter Rims_Filter term 2 from source-address yyy.yyy.yyy.yyy/32
    set firewall filter Rims_Filter term 2 from destination-address xxx.xxx.xxx.xxx/32
    set firewall filter Rims_Filter term 2 then sample
    set firewall filter Rims_Filter term 2 then accept
    set firewall filter Rims_Filter term 3 then accept

    As well as these lines in the config:

    set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name
    set interfaces ge-0/0/15 unit 0 family inet filter output Filter_Name

    My issue is that the saved file is not being created in the /cf/var/tmp folder on the firewall. It was created the first time I tried this with a less elegant filter as shown below. 

    delete firewall filter Rims_Filter term 1 from source-address xxx.xxx.xxx.xxx/32
    delete firewall filter Rims_Filter term 1 from destination-address yyy.yyy.yyy.yyy/32
    set firewall filter Rims_Filter term 1 then sample
    set firewall filter Rims_Filter term 2 then accept
    set firewall filter Rims_Filter term 3 from source-address yyy.yyy.yyy.yyy/32
    set firewall filter Rims_Filter term 3 from destination-address xxx.xxx.xxx.xxx/32
    set firewall filter Rims_Filter term 3 then sample
    set firewall filter Rims_Filter term 4 then accept

    set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name. ( Note I only have the input line here )

    Where have I made my mistake? I use the command set forwarding-options packet-capture disable to turn it off and set forwarding-options packet-capture enable to turn it back on.



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------


  • 2.  RE: Filter created on SRX is not writing file

    Posted 13 days ago

    Ref: https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/analyze-network-traffic-by-using-packet-capture.html#id-example-enabling-packet-capture-on-a-device

    Not sure in what way the behavior is affected when you don't have the file name explicitly specified, but you probably should include it:

    set forwarding-options packet-capture file filename blablabla

    Also, for consistency across different SRX models, you should look for stuff in /var/tmp/ rather than /cf/var/tmp. Yeah, it's just a symlink to /cf/var/tmp, but some models don't have /cf/var/tmp/, so if you get used to the /cf/ path, one day you'll be unpleasantly surprised.



    ------------------------------
    Nikolay Semov
    ------------------------------



  • 3.  RE: Filter created on SRX is not writing file

    Posted 13 days ago
    Edited by JOHN WILLIAMSON 13 days ago

    Nikolay,

    I do have a filter name specified; I just changed the title for this thread.

    set forwarding-options packet-capture file filename File_Name. ( This is a generic name for this thread )

    set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name  ( Also generic names for this thread )
    set interfaces ge-0/0/15 unit 0 family inet filter output Filter_Name ( Also generic names for this thread )

    On this SRX, the folders get forwarded, if that is the correct term, to the cf/.... folder. I expected to go to the default location and the SRX told me it was in the cf version.



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------



  • 4.  RE: Filter created on SRX is not writing file

    Posted 13 days ago

    In that case, there's nothing that stands out to me. You could go back to the configuration that worked and change it little by little, and see at what point everything breaks.



    ------------------------------
    Nikolay Semov
    ------------------------------
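An offline consistency check for the points raised in this thread: whether the filter applied to the interface is a defined filter with a `then sample` term, whether a capture file name is set, and whether capture is disabled. This is an added example, not code from any poster or from Juniper; the sample configuration, the finding codes and the function name `check_capture_config` are constructed for illustration.

```python
import re

# Constructed sample in Junos "set" format; names and addresses are placeholders.
SAMPLE = """\
set firewall filter Rims_Filter term 1 from source-address 192.0.2.10/32
set firewall filter Rims_Filter term 1 then sample
set firewall filter Rims_Filter term 1 then accept
set firewall filter Rims_Filter term 3 then accept
set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name
set interfaces ge-0/0/15 unit 0 family inet filter output Filter_Name
set forwarding-options packet-capture disable
"""

FILTER = re.compile(r"set firewall (?:family inet )?filter (\S+) term \S+ then (\S+)")
APPLY = re.compile(r"set interfaces (\S+) unit (\S+) family inet filter (input|output) (\S+)")
PCAP = re.compile(r"set forwarding-options packet-capture (.+)")

def check_capture_config(text):
    """Return (code, detail) findings for the capture settings discussed in the thread."""
    defined, sampling, applied = set(), set(), []
    filename, disabled = None, False
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(r"set firewall (?:family inet )?filter (\S+)", line):
            defined.add(m.group(1))          # any statement under a filter defines it
        if (m := FILTER.match(line)) and m.group(2) == "sample":
            sampling.add(m.group(1))         # filter has at least one sampling term
        elif m := APPLY.match(line):
            applied.append((f"{m.group(1)}.{m.group(2)} {m.group(3)}", m.group(4)))
        elif m := PCAP.match(line):
            words = m.group(1).split()
            if words == ["disable"]:
                disabled = True
            elif words[:2] == ["file", "filename"] and len(words) > 2:
                filename = words[2]
    findings = []
    for where, name in applied:
        if name not in defined:
            findings.append(("undefined-filter", f"{where}: {name} is not defined"))
        elif name not in sampling:
            findings.append(("no-sample-term", f"{where}: {name} has no 'then sample' term"))
    for name in sorted(sampling - {n for _, n in applied}):
        findings.append(("unapplied-filter", f"{name} samples traffic but is on no interface"))
    if filename is None:
        findings.append(("no-filename", "packet-capture file filename is not set"))
    if disabled:
        findings.append(("capture-disabled", "packet-capture disable is present"))
    return findings
```

Feed it the text produced by `show configuration | display set`; running it against the last working configuration and the current one shows which of these findings appeared between the two.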