
Juniper SRX Flow Configuration

This document describes how to configure a Juniper SRX device to export sampled flow records (cflowd/NetFlow) to the Motadata server so that Flow Explorer can display them. It covers the forwarding options, the firewall filter that marks packets for sampling, and the interface configuration that applies that filter.

Forwarding Options Configuration

Ensure the device is configured as follows. Replace <MOTADATA_SERVER_IP>, <source address> and <version number> with your values; the cflowd statement accepts version 5 or 8, and both are exported as plain, unauthenticated UDP, so route the export over a trusted management path.

forwarding-options {
    sampling {
        input {
            family inet {
                rate 1000;                        /* one packet in 1000 triggers a sample */
                run-length 9;                     /* sample 9 more consecutive packets after each trigger */
                max-packets-per-second 7000;      /* upper bound on sampled packets per second */
            }
        }
        output {
            cflowd <MOTADATA_SERVER_IP> {         /* Motadata collector address */
                port 2055;                        /* UDP port the collector listens on */
                source-address <source address>;  /* exporter address the collector will see */
                version <version number>;         /* 5 or 8 */
                no-local-dump;                    /* do not also write the records to a local log file */
                autonomous-system-type origin;    /* report origin AS numbers in the records */
            }
        }
    }
}

Firewall Configuration

Define a firewall filter that marks packets for sampling. The filter lives under firewall family inet. The accept action is required because a Junos filter discards any traffic that none of its terms accept; note that a stateless filter accept does not bypass SRX security policies, so this filter does not loosen the firewall:

firewall {
    family inet {
        filter Sample-FILTER {
            term ALLOW-ANY {
                then {
                    sample;     /* hand a copy of matching packets to the sampling process */
                    accept;     /* required: without it the filter would discard the traffic */
                }
            }
        }
    }
}

If the interface already carries a firewall filter, add the sample action to that filter's terms instead of replacing it with Sample-FILTER, otherwise the existing filter's rules stop being applied.

Interface Configuration for Sampling

To enable packet sampling on specific interfaces, apply the filter in both directions with the filter statement under family inet. (The interface-level sampling { input; output; } statement takes no filter name and is the alternative when every packet on the unit should be sampled without a filter.) Example for a VLAN-tagged logical interface:

interfaces {
    ge-0/1/2 {
        vlan-tagging;
        unit 500 {
            vlan-id 500;
            family inet {
                filter {
                    input Sample-FILTER;    /* sample ingress traffic on this unit */
                    output Sample-FILTER;   /* sample egress traffic on this unit */
                }
                address X.X.X.X/X;
            }
        }
    }
}

After committing the configuration, confirm that the SRX can reach the Motadata server on UDP port 2055 from the configured source address, then navigate to Menu > Flow Explorer and select the Event Source(s) and the associated Interface(s) from the drop-downs to view the active flow data.
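The following Python script is an added example, not Motadata or Juniper code, for checking what the SRX actually exports before looking at the UI. It decodes NetFlow v5 datagrams (the wire format behind cflowd version 5; version 8 uses different record layouts and is not handled), rejects datagrams whose length does not match the record count in the header, reads the 1-in-N sampling interval from the v5 header, and scales the sampled counters back to an estimate of real traffic using the rate and run-length values from the configuration above. Assumptions: the exporter fills the v5 sampling_interval header field (some leave it at 0), and run-length means, as Junos documents it, the number of additional consecutive packets sampled after each trigger, so rate 1000 with run-length 9 exports roughly 10 of every 1000 packets. The sample datagram is constructed in the script, not captured from a device.

```python
"""Decode NetFlow v5 (cflowd version 5) and scale sampled counters.
Added example; not Motadata or Juniper code."""
import socket
import struct
from dataclasses import dataclass

# Wire formats from the NetFlow v5 specification: 24-byte header, 48-byte records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")


@dataclass
class FlowRecord:
    src: str
    dst: str
    src_port: int
    dst_port: int
    proto: int
    packets: int   # sampled packets, not total traffic
    octets: int    # sampled bytes, not total traffic
    src_as: int
    dst_as: int


def parse_v5(datagram: bytes):
    """Return (header dict, [FlowRecord]); raise ValueError on a malformed datagram."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, _up, _secs, _nsecs, seq, eng_type, eng_id, sampling = \
        V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        # Do not trust the count field blindly: a truncated or padded datagram
        # would otherwise be decoded into garbage records.
        raise ValueError(f"count={count} implies {expected} bytes, got {len(datagram)}")
    header = {
        "version": version, "count": count, "flow_sequence": seq,
        "engine_type": eng_type, "engine_id": eng_id,
        # Top two bits hold the sampling mode, the low 14 bits the 1-in-N interval.
        "sampling_mode": sampling >> 14,
        "sampling_interval": sampling & 0x3FFF,
    }
    records = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        records.append(FlowRecord(
            src=socket.inet_ntoa(f[0]), dst=socket.inet_ntoa(f[1]),
            src_port=f[9], dst_port=f[10], proto=f[13],
            packets=f[5], octets=f[6], src_as=f[15], dst_as=f[16]))
    return header, records


def estimate_totals(records, rate=1000, run_length=9):
    """Scale sampled counters to an estimate of real traffic.

    One packet in `rate` triggers a sample and `run_length` further consecutive
    packets follow it, so (run_length + 1) of every `rate` packets are exported
    and the scale factor is rate / (run_length + 1): 100 for the page's values.
    (Assumes Junos's documented meaning of run-length.)"""
    factor = rate / (run_length + 1)
    return {"packets": sum(r.packets for r in records) * factor,
            "octets": sum(r.octets for r in records) * factor}


def build_v5(flows, sampling_interval=1000, seq=0):
    """Construct a v5 datagram for testing (synthetic data, not captured from an SRX)."""
    mode_interval = (1 << 14) | sampling_interval   # mode 1 = packet-interval sampling
    hdr = V5_HEADER.pack(5, len(flows), 0, 0, 0, seq, 0, 0, mode_interval)
    body = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\x00" * 4,
                       0, 0, pk, oc, 0, 0, sp, dp, 0, 0, pr, 0, sas, das, 0, 0, 0)
        for (s, d, sp, dp, pr, pk, oc, sas, das) in flows)
    return hdr + body


# Constructed sample: two flows as the SRX might report them (not real data).
SAMPLE_FLOWS = [
    # src, dst, sport, dport, proto, sampled pkts, sampled octets, src AS, dst AS
    ("10.0.0.5", "192.0.2.10", 44321, 443, 6, 12, 9600, 64512, 15169),
    ("10.0.0.7", "198.51.100.2", 53000, 53, 17, 3, 300, 64512, 0),
]
SAMPLE_DATAGRAM = build_v5(SAMPLE_FLOWS)


def collect(port=2055, max_datagrams=10):
    """Receive live datagrams on the cflowd port and yield (peer, parsed) pairs."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    for _ in range(max_datagrams):
        data, peer = sock.recvfrom(65535)
        yield peer, parse_v5(data)


if __name__ == "__main__":
    hdr, recs = parse_v5(SAMPLE_DATAGRAM)
    print(hdr)
    for r in recs:
        print(r)
    print(estimate_totals(recs))
```

Run it as-is to see the constructed sample decoded; to check a live SRX, call collect() on a host that the SRX's source-address can reach on UDP 2055 and compare the peer address with <source address> and the header's sampling_interval with the configured rate. Records that arrive with version 8, or with a length that does not match the count field, are rejected rather than partially decoded.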