Hi,
I have gone through all the configurations posted on the boards and I am not having any luck setting up the SRX210 trial device we have here to work with Orion NTA.
Below is the config on my device:
## Last commit: 2009-10-14 18:13:29 UTC by root
## NOTE(review): lines marked "## NOTE(review)" are annotations added for review only; the configuration statements themselves are unchanged
version 9.5R1.8;
system {
autoinstallation {
delete-upon-commit; ## Deletes [system autoinstallation] upon change/commit
traceoptions {
level verbose;
flag {
all;
}
}
}
host-name EX-FWSRX210;
root-authentication {
## NOTE(review): the password hashes in this configuration were pasted into a public forum; treat them as exposed
encrypted-password "$1$owsJK56P$T.qjV36H3T7H/V/EwEbFF/"; ## SECRET-DATA
}
login {
user borat {
uid 2001;
class read-only;
authentication {
## NOTE(review): "high5" is not in the hash format the other entries use; presumably redacted for posting - confirm
encrypted-password high5; ## SECRET-DATA
}
}
user telnet {
uid 2000;
class super-user;
authentication {
encrypted-password "$1$8m.zOg5H$m7JIYg/I2F9ZGm5gVS9DY1"; ## SECRET-DATA
}
}
}
services {
ssh;
## NOTE(review): web-management is served over http only; https is allowed inbound on ge-0/0/0.0 (security zones, below) but nothing here serves it
web-management {
http {
interface ge-0/0/0.0;
}
}
}
syslog {
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
## only filter "cflow" is applied here; filter "all" (firewall section, below) is defined but not referenced anywhere in this configuration
filter {
input cflow;
}
address 192.168.1.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 127.0.0.1/32;
}
}
}
}
forwarding-options {
sampling {
input {
family inet {
## rate 1 = 1-in-1 sampling: every packet hitting a "sample" action is a candidate, capped by max-packets-per-second
rate 1;
run-length 0;
max-packets-per-second 1000;
}
}
output {
## flow records are exported to the Orion NTA collector at 192.168.1.20, UDP 2055, as NetFlow v5
## NOTE(review): no source-address is set, so exports presumably leave from ge-0/0/0.0's address (192.168.1.1) - confirm against the
## IP in the Orion "unmanaged device" message; Orion discards flows from any IP it does not manage, so that exact IP is the node to add
cflowd 192.168.1.20 {
port 2055;
version 5;
}
}
}
}
snmp {
## NOTE(review): both communities are read-only and restricted to the Orion server; "public" is a well-known default name and duplicates "orion"
community public {
authorization read-only;
clients {
192.168.1.20/32;
}
}
community orion {
authorization read-only;
clients {
192.168.1.20/32;
}
}
}
security {
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
queue-size 2000; ## Warning: 'queue-size' is deprecated
timeout 20;
}
land;
}
}
}
zones {
security-zone trust {
tcp-rst;
## zone-level host-inbound-traffic: every system service and protocol is allowed to the device
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
## NOTE(review): an interface-level host-inbound-traffic list replaces the zone-level "all" for this interface, and snmp is not in
## the list below - the most likely reason Orion's SNMP validation of the SRX fails. Adding "snmp;" here (or removing this
## interface-level block so the zone-level "all" applies) is the first thing to check - confirm on the device
## NOTE(review): telnet here permits cleartext logins alongside ssh
host-inbound-traffic {
system-services {
http;
https;
ssh;
telnet;
dhcp;
}
}
}
}
}
security-zone untrust {
## no interfaces are bound to this zone, so the untrust-screen profile is not applied to any traffic yet
screen untrust-screen;
}
}
policies {
from-zone trust to-zone trust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone untrust {
policy default-permit {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
}
}
}
}
}
firewall {
## filter "all": sample + accept everything; not applied to any interface in this configuration
filter all {
term all {
then {
sample;
accept;
}
}
}
## filter "cflow": the input filter on ge-0/0/0.0; no "from" match, so every inbound packet on that interface is sampled and accepted
filter cflow {
term 1 {
then {
sample;
accept;
}
}
}
}
I have set up the forwarding options with max packets at 1000, as recommended on the Juniper community forums for a similar configuration. I have also set up the SNMP communities on both the Orion NPM server and the SRX. When I try to validate the SNMP settings and add the trust interface of the SRX to the Orion node list, it fails every time.
I get this message in Orion when I restart the NetFlow service (the IP address of the device is correct, but I have blanked it out):
Netflow Receiver Service [xxxxxx] is receiving a netflow data stream from an unmanaged device (xxx.xxx.xxx.xxx). The netflow data stream from xxx.xxx.xxx.xxx will be discarded. Please use the Orion System Manager to add this IP address in order to process this Netflow data stream or just use this link....
Any help is appreciated.
Thanks in advance,
Mark