Free training - ManageEngine NetFlow Analyzer

Juniper SRX Configuration

You can perform Juniper SRX configuration using the following steps:

Config t
set forwarding-options sampling input family inet rate 1000
set forwarding-options sampling input family inet run-length 9
set forwarding-options sampling input family inet max-packets-per-second 7000
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} source-address {DEVICE_IP}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} version 5

set firewall filter Netflow-filter term allow-any then sample
set firewall filter Netflow-filter term allow-any then accept

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable flow:

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input
set interfaces {INTERFACE_NAME} unit 0 family inet sampling output
set interfaces {INTERFACE_NAME} unit 0 family inet address $Interface_IP

Juniper SRX flexible:

Config t
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template flow-active-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template flow-inactive-timeout 60
set services flow-monitoring version9 template ipv4-template template-refresh-rate packets 100

set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template template-refresh-rate second 60
set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 9
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} version9 template IPV4-JFLOW-TEMPLATE
set forwarding-options sampling family inet output inline-jflow source-address {DEVICE_IP}

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable flow:

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input

Back to Top