Help Manual: Juniper SRX Series Firewalls

Configuring flow packet export on Juniper Networks SRX Series Firewalls

For NetFlow analysis, you need to configure the device to export flow packets to the Site24x7 On-Premise Poller, which acts as the NetFlow collector. The On-Premise Poller listens on a specific UDP port for incoming flows. Learn how to find the port number of the On-Premise Poller.

Use the following commands to configure jFlow on a Juniper Networks SRX Series Services Gateway:

jFlow v5 and v8

forwarding-options {
    sampling {
        input {
            family inet {
                rate 1000;
                run-length 9;
                max-packets-per-second 7000;
            }
        }
        output {
            cflowd <destination address> {
                port <port number>;
                source-address <source address>;
                version <version number>;
                no-local-dump;
                autonomous-system-type origin;
            }
        }
    }
}

Here `rate 1000` samples one packet in every 1000, `run-length 9` also samples the nine packets that follow each triggered sample, and `max-packets-per-second 7000` caps the sampling load on the device. The destination address and port are those of the On-Premise Poller, the source address is the SRX address the poller will see as the exporter, and the version is 5 or 8.

firewall {
    filter Sample-FILTER {
        term ALLOW-ANY {
            then {
                sample;
                accept;
            }
        }
    }
}

To enable packet sampling on a specific interface, apply the filter to the logical unit under `family inet filter`, as in the following example configuration. (Using `sampling { input; output; }` under `family inet` instead samples all traffic on the unit without a filter.)

interfaces {
    ge-1/3/0 {
        vlan-tagging;
        unit 101 {
            vlan-id 101;
            family inet {
                filter {
                    input Sample-FILTER;
                    output Sample-FILTER;
                }
                address 206.80.253.26/25;
            }
        }
    }
}
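To confirm that the exporter is actually reaching the poller's port with the expected version and sampling rate, the following Python script decodes raw v5 datagrams. It is an added example and is not part of the Site24x7 page or of Junos; the sample datagram, its addresses and the `listen()` helper are constructed here for illustration. jFlow v8 uses aggregated record formats and is not decoded by this parser.

```python
import socket
import struct

# Wire layouts of the NetFlow v5 export format, which is what jFlow "version 5" emits.
V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte header
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record


def build_v5_datagram(flows, sampling_rate, flow_sequence=0):
    """Construct a v5 datagram from flow dicts (test input only; on a live
    network the SRX produces these). Sampling mode 1 = packet interval, so
    the low 14 bits carry the 1-in-N rate configured with `rate N`."""
    sampling_field = (1 << 14) | (sampling_rate & 0x3FFF)
    header = V5_HEADER.pack(5, len(flows), 123456, 1700000000, 0,
                            flow_sequence, 0, 0, sampling_field)
    records = b"".join(
        V5_RECORD.pack(
            socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
            socket.inet_aton(f.get("next_hop", "0.0.0.0")),
            f.get("in_if", 0), f.get("out_if", 0),
            f["packets"], f["bytes"], 100, 200,          # dPkts, dOctets, First, Last
            f["sport"], f["dport"], 0, f.get("tcp_flags", 0), f["proto"], 0,
            0, 0, 24, 24, 0)                             # src_as, dst_as, masks, pad
        for f in flows)
    return header + records


def parse_v5(datagram):
    """Decode one v5 datagram into (header dict, list of flow dicts).

    Raises ValueError for anything that is not a well-formed v5 export. That is
    the first thing to check when the collector shows nothing: a different
    `version` on the SRX changes the first two bytes, and a datagram whose length
    does not match `count` records was truncated or fragmented in transit.
    """
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    (version, count, sys_uptime, unix_secs, _unix_nsecs, seq,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    expected = V5_HEADER.size + count * V5_RECORD.size
    if len(datagram) != expected:
        raise ValueError(f"length {len(datagram)} != {expected} for {count} records")
    header = {
        "version": version, "count": count, "sys_uptime_ms": sys_uptime,
        "unix_secs": unix_secs, "flow_sequence": seq,
        "engine_type": engine_type, "engine_id": engine_id,
        # Top 2 bits are the sampling mode, low 14 bits the 1-in-N interval.
        "sampling_mode": sampling >> 14, "sampling_interval": sampling & 0x3FFF,
    }
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
            "next_hop": socket.inet_ntoa(r[2]), "in_if": r[3], "out_if": r[4],
            "packets": r[5], "bytes": r[6], "first_ms": r[7], "last_ms": r[8],
            "sport": r[9], "dport": r[10], "tcp_flags": r[12], "proto": r[13],
            "tos": r[14], "src_as": r[15], "dst_as": r[16],
            "src_mask": r[17], "dst_mask": r[18],
        })
    return header, flows


def listen(port, max_datagrams=1):
    """Bind the collector's UDP port and decode what arrives. Run this on the
    poller host only while the Site24x7 poller is stopped, because two
    processes cannot bind the same UDP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("", port))
    seen = []
    for _ in range(max_datagrams):
        data, (exporter, _) = sock.recvfrom(65535)
        header, flows = parse_v5(data)
        print(f"{exporter}: seq={header['flow_sequence']} "
              f"1-in-{header['sampling_interval']} sampling, {len(flows)} flows")
        seen.append((exporter, header, flows))
    return seen


if __name__ == "__main__":
    # Constructed sample: two sampled flows from an exporter configured with `rate 1000`.
    sample = build_v5_datagram([
        {"src": "10.1.1.10", "dst": "203.0.113.5", "sport": 51514, "dport": 443,
         "proto": 6, "packets": 12, "bytes": 3400, "tcp_flags": 0x18},
        {"src": "10.1.1.11", "dst": "198.51.100.9", "sport": 5353, "dport": 53,
         "proto": 17, "packets": 1, "bytes": 76},
    ], sampling_rate=1000, flow_sequence=7)
    hdr, recs = parse_v5(sample)
    print(hdr)
    for rec in recs:
        print(rec)
```

A gap in `flow_sequence` between consecutive datagrams from the same exporter means export packets were lost between the SRX and the poller, which is worth checking before tuning the sampling rate.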

jFlow v9

configure
set forwarding-options sampling input family inet rate 1000
set forwarding-options sampling input family inet run-length 9
set forwarding-options sampling input family inet max-packets-per-second 7000
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} source-address {DEVICE_IP}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} version 5

set firewall filter Netflow-filter term allow-any then sample
set firewall filter Netflow-filter term allow-any then accept

{NETFLOW_SERVER_IP} and {NETFLOW_SERVER_LISTENER_PORT} are the address and listening port of the On-Premise Poller; {DEVICE_IP} is the SRX address that the poller will see as the exporter. Note that `version 5` makes this flow-server emit version 5 records; to export version 9 records the flow-server must reference a version 9 template (`version9 template <template name>`) instead, as in the flexible configuration below.

Still in configuration mode, issue the following commands for each interface on which flow export is to be enabled. `sampling input` and `sampling output` sample all traffic on the unit at the configured rate; Netflow-filter is only needed if sampling should be restricted to matching traffic, in which case apply it with `family inet filter input Netflow-filter` instead of the `sampling` statements.

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input
set interfaces {INTERFACE_NAME} unit 0 family inet sampling output
set interfaces {INTERFACE_NAME} unit 0 family inet address {INTERFACE_IP}

Validate the candidate configuration with `commit check`, then activate it with `commit`.

Juniper SRX flexible (inline jFlow with a version 9 template)

configure
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE flow-active-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE flow-inactive-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE template-refresh-rate packets 480000
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE template-refresh-rate seconds 60

set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 0
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} version9 template IPV4-JFLOW-TEMPLATE
set forwarding-options sampling family inet output inline-jflow source-address {DEVICE_IP}

`flow-active-timeout 60` exports a record for a long-lived flow every 60 seconds, and `flow-inactive-timeout 60` exports a flow 60 seconds after its last packet. `template-refresh-rate` resends the version 9 template every 480000 exported packets or every 60 seconds, whichever comes first; the collector cannot decode any data records until it has received the template, so a poller started between refreshes shows nothing for up to that interval. `rate 100` samples one packet in 100, and `run-length 0` disables the follow-on samples used in the previous sections.

Still in configuration mode, enable sampling on each interface on which flow export is to be enabled (add `sampling output` as in the previous section if egress flows are also wanted), then commit:

set interfaces {INTERFACE_NAME} unit 0 family inet sampling input

After the commit, `show services accounting flow inline-jflow fpc-slot 0` shows the inline exporter's flow and packet counters; if they stay at zero, sampling is not being applied on the interface.
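The template-refresh-rate matters because a version 9 collector cannot decode a data FlowSet until it has received the template with the same ID, so a poller restarted between refreshes shows nothing until the next template arrives. The following Python decoder, an added example that is not part of the Site24x7 page or of Junos, demonstrates that behaviour on constructed datagrams; the template ID, field set and addresses are assumptions for illustration, and the decoder ignores options templates.

```python
import socket
import struct

V9_HEADER = struct.Struct("!HHIIII")   # version, count, sysUptime, unixSecs, sequence, sourceId
# Field type IDs from the NetFlow v9 registry, as used by the constructed template below.
FIELD_NAMES = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "l4_src_port",
               8: "ipv4_src_addr", 11: "l4_dst_port", 12: "ipv4_dst_addr"}
IPV4_FIELDS = {8, 12}
# (type, length) pairs of a minimal IPv4 template: 21 bytes per data record.
SAMPLE_TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (2, 4)]


class V9Decoder:
    """Stateful decoder: templates from FlowSet ID 0 are stored per
    (source_id, template_id) and reused for later data FlowSets."""

    def __init__(self):
        self.templates = {}

    def decode(self, datagram):
        """Return (flows, missing): decoded records, plus the template IDs of data
        FlowSets that were skipped because their template has not been seen yet."""
        if len(datagram) < V9_HEADER.size:
            raise ValueError("datagram shorter than a v9 header")
        version, _count, _uptime, _secs, _seq, source_id = V9_HEADER.unpack_from(datagram, 0)
        if version != 9:
            raise ValueError(f"not NetFlow v9 (version field = {version})")
        flows, missing, off = [], [], V9_HEADER.size
        while off + 4 <= len(datagram):
            fs_id, fs_len = struct.unpack_from("!HH", datagram, off)
            if fs_len < 4:
                raise ValueError("FlowSet length below the 4-byte minimum")
            body = datagram[off + 4:off + fs_len]
            if fs_id == 0:                                  # template FlowSet
                self._learn_templates(source_id, body)
            elif fs_id >= 256:                              # data FlowSet; ID is the template ID
                fields = self.templates.get((source_id, fs_id))
                if fields is None:
                    missing.append(fs_id)
                else:
                    flows.extend(self._decode_records(fields, body))
            # IDs 1..255 (options templates and reserved values) are ignored here.
            off += fs_len
        return flows, missing

    def _learn_templates(self, source_id, body):
        off = 0
        while off + 4 <= len(body):
            template_id, n_fields = struct.unpack_from("!HH", body, off)
            off += 4
            if n_fields == 0:                               # trailing padding, not a template
                break
            fields = [struct.unpack_from("!HH", body, off + 4 * i) for i in range(n_fields)]
            off += 4 * n_fields
            self.templates[(source_id, template_id)] = fields

    @staticmethod
    def _decode_records(fields, body):
        record_len = sum(length for _, length in fields)
        flows, off = [], 0
        while off + record_len <= len(body):                # leftover < record_len is padding
            rec = {}
            for ftype, length in fields:
                raw = body[off:off + length]
                off += length
                name = FIELD_NAMES.get(ftype, f"field_{ftype}")
                rec[name] = socket.inet_ntoa(raw) if ftype in IPV4_FIELDS else int.from_bytes(raw, "big")
            flows.append(rec)
        return flows


def build_template_flowset(template_id=256, fields=SAMPLE_TEMPLATE):
    """Constructed template FlowSet (what the SRX resends at every template refresh)."""
    body = struct.pack("!HH", template_id, len(fields))
    body += b"".join(struct.pack("!HH", t, l) for t, l in fields)
    return struct.pack("!HH", 0, 4 + len(body)) + body


def build_data_flowset(template_id, flows):
    """Constructed data FlowSet laid out per SAMPLE_TEMPLATE and padded to 4 bytes."""
    body = b"".join(socket.inet_aton(f["src"]) + socket.inet_aton(f["dst"])
                    + struct.pack("!HHBII", f["sport"], f["dport"], f["proto"], f["bytes"], f["packets"])
                    for f in flows)
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("!HH", template_id, 4 + len(body)) + body


def build_v9_datagram(flowsets, source_id=0, seq=0):
    """Prepend a v9 header; the count field is informational and unused by the decoder."""
    return V9_HEADER.pack(9, len(flowsets), 0, 1700000000, seq, source_id) + b"".join(flowsets)


if __name__ == "__main__":
    dec = V9Decoder()
    flow = [{"src": "10.1.1.10", "dst": "203.0.113.5", "sport": 51514, "dport": 443,
             "proto": 6, "bytes": 3400, "packets": 12}]
    data_only = build_v9_datagram([build_data_flowset(256, flow)])
    print(dec.decode(data_only))                            # ([], [256]) until a template arrives
    print(dec.decode(build_v9_datagram([build_template_flowset(256), build_data_flowset(256, flow)])))
    print(dec.decode(data_only))                            # decodable now that the template is known
```

Templates are keyed per source ID as well as per template ID because two exporters (or two sampling instances on one SRX) may legitimately reuse template ID 256 with different layouts; mixing them up silently misdecodes records.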
