[Survey] The 2025 Observability Survey - Share your opinion and earn $10.Take the survey

Juniper SRX Flow Configuration

Make sure the device is configured as below,

forwarding-options {
sampling {
input {
family inet {
rate 1000;
run-length 9; 
max-packets-per-second 7000;
}
}
output {
cflowd <destination address>{
port ;
source-address <source address>;
version <version number>;
no-local-dump;
autonomous-system-type origin;
}
}
}
}

firewall

  • filter Sample-FILTER {
    • term ALLOW-ANY {
      • then {
        • sample;
        • accept;

To enable packet sampling on the particular interface(s), from which flow analysis to be done follow the below sample configuration.

interfaces {
ge-1/3/0 {
vlan-tagging;
unit 101 {
vlan-id 101;
family inet {
sampling {
input Sample-FILTER;
output Sample-FILTER;
}
address 206.80.253.26/25
}
}
}
}

To manage un-managed interfaces and New interfaces for monitoring traffic, please follow below path.

Click settings-->NetFlow-->License Management-->NetflowInterfaces-->Select the Interface for the juniper device-->Click Manage.

Back to Top