Thu, 13 Aug 2009 6:52 PM
Jflow on SRX210
Michael Dale
We'll I've got my Juniper SRX210 up and running and it supports some stuff the old SSG didn't (it is also missing a few features too).
One of the new features is the support for JFlow (which is the Juniper version of Cisco's NetFlow).
Basically it means that the firewall can log traffic to a server in a format that allows for graphs such as this:
Pretty cool. Anyway the documentation for the SRX isn't that great, so here is my configuration for this (running SRX JunOS 9.6):
fe-0/0/7 {
unit 0 {
family inet {
filter {
input cflow;
output all;
}
address 203.206.210.249/29;
}
}
}
firewall {
filter all {
term all {
then {
sample;
accept;
}
}
}
filter cflow {
term 1 {
then {
sample;
accept;
}
}
}
}
forwarding-options {
sampling {
input {
rate 1;
run-length 0;
max-packets-per-second 50000;
}
family inet {
output {
flow-server 203.206.210.250 {
port 2055;
version 5;
}
}
}
}
}