SRX


Ask questions and share experiences about the SRX Series.

SRX340 port-mirroring, how to config destination port and next-hop


    Posted 12-19-2022 15:17
    Edited by Jodi Meier 12-19-2022 19:26

    Hello, 

    SRX340, my goal is to "port mirror" network traffic to a listening port on an Alert Logic device. Alert Logic has refused to assign an IP address to the listening port on the Alert Logic device, which I would use as the "next-hop" IP address. Alert Logic says their port is in promiscuous mode and can't be assigned an IP address.

    Now I am stuck. 

    When testing with a Wireshark computer that has the next-hop IP address, the configuration at the end of this message works, i.e. the state of port-mirroring is "up".

    However, the other three variations listed below did not work; the port-mirroring state was always "down".
    1. not using a "next-hop" IP address;
    2. setting the IP address of port ge-0/0/7.0 (192.168.9.1) as the next-hop;
    3. removing the IP address on ge-0/0/7.0, and/or setting it to "family ethernet-switching" mode.

    Is there any way to bring port-mirroring "up" without using a next-hop IP address? Would it be possible to set port ge-0/0/7 to promiscuous mode?
    At this time, there is no zone assigned for GE-0/0/7. 

    Thanks a million.  
    Gary

    Working Configuration
    Testing with a computer that has Wireshark installed, this port-mirroring configuration works:

    [edit forwarding-options port-mirroring]
    root@ROUTER1# show
    input {
        rate 1;
        run-length 10;
    }
    family inet {
        output {
            interface ge-0/0/7.0 {
                next-hop 192.168.9.2;
            }
        }
    }

    [edit firewall filter port-mirror]
    root@ROUTER1# show
    term 1 {
        from {
            source-address {
                0.0.0.0/0;
            }
        }
        then {
            port-mirror;
            accept;
        }
    }

    [edit interfaces ge-0/0/7 unit 0]
    root@ROUTER1# show
    family inet {
        address 192.168.9.1/24;
    }

    [edit interfaces ge-0/0/1 unit 0]
    root@ROUTER1# show
    description ISP-ATT;
    family inet {
        filter {
            input port-mirror;
            output port-mirror;
        }
        address 1.1.1.1/29;
    }
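Added example, not part of the original post: the same working configuration in set form, plus a static ARP entry for the mirror next-hop. Family inet port-mirroring reports "up" only once the next-hop address resolves, so a collector that never answers ARP (a promiscuous-mode sniffer port) leaves the instance "down"; a static ARP entry on ge-0/0/7.0 lets the SRX resolve 192.168.9.2 without the collector replying. The MAC address below is a constructed placeholder and must be replaced with the collector port's real MAC; the assumption that the static ARP entry is accepted by the SRX340 as next-hop resolution is mine, not confirmed by the post.

```junos
## Sampling: mirror every packet (rate 1) in runs of 10.
set forwarding-options port-mirroring input rate 1
set forwarding-options port-mirroring input run-length 10

## Output the mirrored copies toward the collector as IPv4 next-hop.
set forwarding-options port-mirroring family inet output interface ge-0/0/7.0 next-hop 192.168.9.2

## Filter applied in both directions on the ISP-facing interface.
set firewall filter port-mirror term 1 from source-address 0.0.0.0/0
set firewall filter port-mirror term 1 then port-mirror
set firewall filter port-mirror term 1 then accept
set interfaces ge-0/0/1 unit 0 description ISP-ATT
set interfaces ge-0/0/1 unit 0 family inet filter input port-mirror
set interfaces ge-0/0/1 unit 0 family inet filter output port-mirror
set interfaces ge-0/0/1 unit 0 family inet address 1.1.1.1/29

## Mirror output interface. The static ARP entry (constructed placeholder
## MAC 00:00:5e:00:53:01, replace with the collector's MAC) lets the
## next-hop resolve even though the collector port never answers ARP.
set interfaces ge-0/0/7 unit 0 family inet address 192.168.9.1/24
set interfaces ge-0/0/7 unit 0 family inet address 192.168.9.1/24 arp 192.168.9.2 mac 00:00:5e:00:53:01

## Verify after commit: the instance should report state "up".
## run show forwarding-options port-mirroring
```

Because the mirror filter matches 0.0.0.0/0 in both directions, every packet on ge-0/0/1 is copied to the collector; confirm the collector link can absorb the full ISP-side rate before leaving this in place.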