Nothing Special   »   [go: up one dir, main page]
Scribd Logo
Upload

Welcome to Scribd!

  • 63 views

    Port Mirroring Juniper SRX Series

    Uploaded by

    Sergei Z
    Port mirroring allows traffic on an interface to be copied and sent to a monitoring system. This is done by configuring port mirroring in the forwarding options, creating a firewall filter to specify the mirrored interface, and applying the filter to the interface. For example, traffic coming into or leaving ge-0/0/0 would be mirrored to ge-0/0/1 where it can be analyzed.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    Port Mirroring Juniper SRX Series

    Uploaded by

    Sergei Z
    63 views3 pages
    Port mirroring allows traffic on an interface to be copied and sent to a monitoring system. This is done by configuring port mirroring in the forwarding options, creating a firewall filter to specify the mirrored interface, and applying the filter to the interface. For example, traffic coming into or leaving ge-0/0/0 would be mirrored to ge-0/0/1 where it can be analyzed.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Port mirroring allows traffic on an interface to be copied and sent to a monitoring system. This is done by configuring port mirroring in the forwarding options, creating a firewall filter to specify the mirrored interface, and applying the filter to the interface. For example, traffic coming into or leaving ge-0/0/0 would be mirrored to ge-0/0/1 where it can be analyzed.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    63 views3 pages

    Port Mirroring Juniper SRX Series

    Uploaded by

    Sergei Z
    Port mirroring allows traffic on an interface to be copied and sent to a monitoring system. This is done by configuring port mirroring in the forwarding options, creating a firewall filter to specify the mirrored interface, and applying the filter to the interface. For example, traffic coming into or leaving ge-0/0/0 would be mirrored to ge-0/0/1 where it can be analyzed.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    of 3

    Port mirroring Juniper SRX series

    This article explains how port mirroring feature can be configured on an SRX device.
    Symptoms
    Sometimes we may need to examine the traffic on an interface. This can be accomplished by
    taking a packet capture on the interface or mirroring the interface.
    SolutionStep 1: Configure port mirroring in the forwarding options hierarchy :
    [ edit forwarding-options]

    port-mirroring {
        input {
            rate 1;
            run-length 10;
        }
        family inet {
            output {
                interface ge-0/0/1.0 {
                    next-hop 2.2.2.1;
                }
            }
        }
    }

    Step 2: Configure firewall filter to port mirror


    [edit firewall]

    filter port-mirror {
        term 1 {
            from {
                source-address {
                    0.0.0.0/0;
                }
            }
            then {
                port-mirror;
                accept;
            }
        }
    }
    Step 3: Apply the filter on an interface that is to be mirrored
     
    [edit interfaces]
        ge-0/0/0 {
            unit 0 {
                family inet {
                    filter {
                        input port-mirror;
                        output port-mirror;
                    }
                    address 1.1.1.1/24;
                }
            }
        }

    The following is a sample configuration for port mirroring.

    In this example, a copy of the traffic that that comes into or goes out of the ge-0/0/0 interface can
    be sent to a monitoring system from ge-0/0/1 interface where it can be captured and analyzed.
    system {
        root-authentication {
            encrypted-password "$ABC123"; ## SECRET-DATA
        }
    }
    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    filter {
                        input port-mirror;
                        output port-mirror;
                    }
                    address 1.1.1.1/24;
                }
            }
        }
        ge-0/0/1 {
            unit 0 {
                 family inet {
                     address 2.2.2.2/24;
                 }
            }
        }
    }
    forwarding-options {
        port-mirroring {
            input {
                rate 1;
                run-length 10;
            }
            family inet {
                output {
                    interface ge-0/0/1.0 {
                        next-hop 2.2.2.1;
                    }
                }
            }
       }
    }
    security {
        policies {
            default-policy {
                permit-all;
            }
        }
        zones {
            security-zone trust {
                host-inbound-traffic {
                    system-services {
                        all;
                    }
                    protocols {
                        all;
                    }
                }
                interfaces {
                    all;
                }
            }
        }
    }
    firewall {
        filter port-mirror {
            term 1 {
                from {
                    source-address {
                        0.0.0.0/0;
                    }
                }
                then {
                    port-mirror;
                        accept;
                }
            }
        }
    }
    Note: Port mirroring with ethernet-switching is not supported.

    You might also like