Juniper SRX Configuration

This document outlines the steps required to configure Juniper SRX devices for flow monitoring using Motadata NetFlow and flexible flow monitoring methods.

Basic Configuration Steps

Enter configuration mode:

configure

Configure the forwarding options:

set forwarding-options sampling input family inet rate 1000
set forwarding-options sampling input family inet run-length 9
set forwarding-options sampling input family inet max-packets-per-second 7000
set forwarding-options sampling output flow-server {MOTADATA_SERVER_IP} port 2055
set forwarding-options sampling output flow-server {MOTADATA_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling output flow-server {MOTADATA_SERVER_IP} no-local-dump
set forwarding-options sampling output flow-server {MOTADATA_SERVER_IP} source-address {DEVICE_IP}
set forwarding-options sampling output flow-server {MOTADATA_SERVER_IP} version 5

Set up the firewall filter:

set firewall filter NetFlow-filter term allow-any then sample
set firewall filter NetFlow-filter term allow-any then accept

Enable flow sampling on each interface:

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input
set interfaces {INTERFACE_NAME} unit 0 family inet sampling output
set interfaces {INTERFACE_NAME} unit 0 family inet address {INTERFACE_IP}

Flexible Flow Monitoring Configuration

Enter configuration mode:

configure

Configure flow monitoring template:

set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE flow-active-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE flow-inactive-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE template-refresh-rate packets 100
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE template-refresh-rate seconds 60

Configure forwarding options:

set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 9
set forwarding-options sampling family inet output flow-server {MOTADATA_SERVER_IP} port 2055
set forwarding-options sampling family inet output flow-server {MOTADATA_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling family inet output flow-server {MOTADATA_SERVER_IP} no-local-dump
set forwarding-options sampling family inet output flow-server {MOTADATA_SERVER_IP} version9 template IPV4-JFLOW-TEMPLATE
set forwarding-options sampling family inet output inline-jflow source-address {DEVICE_IP}

Enable flow sampling on each interface:

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input

After completing the configuration, navigate to Menu > Flow Explorer and select the Event Source(s) and the associated Interface(s) from the drop-downs to view the active flow data.
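
A consistency check for the flexible flow monitoring commands above, run before committing them. This is an added example, not part of the Motadata or Juniper documentation. It flags unresolved placeholders, a flow-server that references a version9 template never defined as an ipv4-template, a wrong export port, and a configuration with no sampled interface. The function name lint, the addresses 192.0.2.10 and 192.0.2.1, and the interface ge-0/0/0 are assumptions made for the sample.

```python
import re

# Constructed sample: commands from this page with the placeholders filled in.
# 192.0.2.10 (collector), 192.0.2.1 (device) and ge-0/0/0 are assumed values.
SAMPLE = """\
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template
set forwarding-options sampling input rate 100
set forwarding-options sampling family inet output flow-server 192.0.2.10 port 2055
set forwarding-options sampling family inet output flow-server 192.0.2.10 version9 template IPV4-JFLOW-TEMPLATE
set forwarding-options sampling family inet output inline-jflow source-address 192.0.2.1
set interfaces ge-0/0/0 unit 0 family inet sampling input
"""

DEFINED = re.compile(r"^set services flow-monitoring version9 template (\S+) ipv4-template\s*$")
USED = re.compile(r"^set forwarding-options sampling .*flow-server (\S+) version9 template (\S+)")
PORT = re.compile(r"^set forwarding-options sampling .*flow-server (\S+) port (\d+)")
SAMPLED = re.compile(r"^set interfaces (\S+) unit \d+ family inet sampling input")
PLACEHOLDER = re.compile(r"\{[A-Z_]+\}|\$\w+")  # e.g. {DEVICE_IP} left unfilled


def lint(config: str, port: int = 2055) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    defined, used, ports, sampled, findings = set(), {}, {}, set(), []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        if PLACEHOLDER.search(line):
            findings.append(f"line {n}: unresolved placeholder")
        if m := DEFINED.match(line):
            defined.add(m.group(1))
        if m := USED.match(line):
            used[m.group(1)] = m.group(2)
        if m := PORT.match(line):
            ports[m.group(1)] = int(m.group(2))
        if m := SAMPLED.match(line):
            sampled.add(m.group(1))
    # Cross-check each exporter against the templates and ports collected above.
    for server, template in used.items():
        if template not in defined:
            findings.append(f"flow-server {server}: template {template} is not defined as an ipv4-template")
        if ports.get(server) != port:
            findings.append(f"flow-server {server}: export port is {ports.get(server)}, expected {port}")
    if not sampled:
        findings.append("no interface has 'family inet sampling input'")
    return findings


if __name__ == "__main__":
    print(lint(SAMPLE) or "OK")
```

A template name that differs between the services and forwarding-options statements means no flow records reach the collector, so this check is worth running whenever the template is renamed.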