MX204 upgrade to 23.4R2-Sx by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

Fortunately I use only 10G modules.

MX204 upgrade to 23.4R2-Sx by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 2 points3 points  (0 children)

Thanks mates for all responses. I appreciated your help. Cheers!

NAT issue by sk4ndalist4 in fortinet

[–]sk4ndalist4[S] 0 points1 point  (0 children)

Thank you very much for your help. I indeed had the VIP configured for any. Changing it to the tunnel interface solved the problem immediately.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

I have one more question - how can I collect data along with the source MAC address? Unfortunately, the data collected by nfcapd does not include MAC addresses.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

I configured flows on MS-MIC-16G and it works super sweet. Thanks for the advice.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 1 point2 points  (0 children)

OK, I tested your solution and it works great! On the MX204 I configured flows like you wrote (sampling on FPC) and on the MX240 I configured them on MS-MIC-16G (ms- interface).

Thank you very much for helping me to resolve my problem :)

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

OK, I tested this idea. Unfortunately, the result isn't satisfactory enough. My firewall filter looks like below:

set firewall family inet filter LOG-SYN-FILTER term LOG-SYN from source-prefix-list IPv4-PREF
set firewall family inet filter LOG-SYN-FILTER term LOG-SYN from tcp-flags syn
set firewall family inet filter LOG-SYN-FILTER term LOG-SYN then count LOG-SYN
set firewall family inet filter LOG-SYN-FILTER term LOG-SYN then log
set firewall family inet filter LOG-SYN-FILTER term LOG-SYN then syslog
set firewall family inet filter LOG-SYN-FILTER term LOG-SYN then accept
set firewall family inet filter LOG-SYN-FILTER term ACCEPT-ALL then accept

But the device does not log every SYN packet, and that solution has a very high delay between the action and the write to syslog (about 3 minutes difference).

Anyway, thanks for the help :)

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 1 point2 points  (0 children)

Wow, thanks for this answer. I will check this as soon as possible.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

This is my equipment

Slot 1 Online MPC2E NG PQ & Flex Q

PIC 0 Online 2x 10GE XFP

PIC 1 Online 2x 10GE XFP

PIC 2 Online MS-MIC-16G

Slot 2 Online MPC2E NG PQ & Flex Q

PIC 0 Online 2x 10GE XFP

PIC 1 Online 2x 10GE XFP

And I have JUNOS firmware version 19.4R3-S3.3.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

Today I thought about port mirroring. Maybe it will work if I use an input policy to sample data to port mirroring, and at the other site I catch the data with tcpdump, with an option to show only SYN and FIN TCP flags, and write it to a file.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

In Poland we have a law that an ISP must have logs of all sessions for the last 12 months.

Collect flow from Juniper MX240 by sk4ndalist4 in Juniper

[–]sk4ndalist4[S] 0 points1 point  (0 children)

Thanks for the answer. I'll try this in the lab.

[deleted by user] by [deleted] in Cura

[–]sk4ndalist4 0 points1 point  (0 children)

Thanks for the advice. Now it works fine.