RtoDto.net
Network/Security/Programming

Author: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

Packet debug in SRX

rtoodtoo srx, troubleshooting April 13, 2011

If you want to debug a packet flow you can use the following config by which testdebug.log file will contain icmp traffic debugs. [edit security flow] root@host# show traceoptions {     file testdebug.log;     flag basic-datapath;     packet-filter look-icmp {         protocol icmp;     } }

some things about policies/sessions

rtoodtoo policies, srx April 13, 2011

1)  An ICMP packet occupies a session entry in SRX 2) There is an intra-zone policy applied by default so packets belonging to the same zone but in different interfaces cannot traverse unless there is a intra-zone policy permitting them. 3) If the policy doesn’t allow a packet, it cannot be seen in monitor traffic
Read More »

trim on output

rtoodtoo srx April 8, 2011

Today I learned a handy option in show command which is particularly useful when debugging trace files.  For example if you display a debug file host>show log debug.log Apr  8 21:36:29 21:36:28.1118827:CID-0:RT:packet [60] ipid = 60723, @4094a01c Apr  8 21:36:29 21:36:28.1118978:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x40949e80, rtbl_idx = 0 Apr  8
Read More »

SRX cluster

rtoodtoo clustering, srx April 7, 2011

You can find step by step instructions to set up an SRX firewall chassis cluster in different branch models. Before starting your cluster config, please make sure you have installed the JTAC recommended release which you can find at http://kb.juniper.net/KB21476 Please note that these instructions below belong to several branch models each of which has
Read More »

SRX policy-rematch

rtoodtoo srx April 4, 2011

Today I played with policies in SRX and made a policy change which is supposed to block SSH traffic from internal clients to outside networks. I made the change and committed the configuration but I saw that my SSH connection was still alive and connection wasn’t dropped. However when I disconnect and try to reconnect,
Read More »

loading junos configuration is very easy

rtoodtoo system management March 28, 2011

I love the way junos manages configuration file.  Here is my favorite command “load” and some examples about it. [edit interfaces ge-4/0/0] root@router#load update terminal relative [Type ^D at a new line to end input] If you are at a relative location such as an interface configuration as above, any thing you paste will override
Read More »

monitoring files in JUNOS

rtoodtoo system management March 24, 2011

If you want to monitor a growing log file in JUNOS, there is a builtin command for this purpose. For example, if you want to monitor the log file /var/log/messages just run; user@host> monitor start /var/log/messages and any change in this file will be displayed on your screen. To stop monitoring simply run; user@host> monitor
Read More »