http://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=search
Set debug logging to the console (not sure that this is required; it might be an old command)
set console dbuf
Set your filters to match the interesting traffic
set ffilter src-ip xx.xx.xx.xx dst-ip yy.yy.yy.yy
set ffilter src-ip yy.yy.yy.yy dst-ip xx.xx.xx.xx
unset ffilter ? (to remove, usually use id "0")
Start the debug
debug flow basic
(can also use 'debug flow drop' to only see drop/deny)
Generate your traffic
ping yy.yy.yy.yy
Stop the debug
Press ESC when finished, or run 'undebug all'
Show the debug output
get db stream
Clear the debug to do a fresh test without a wall of text
clear db
There is a lot of output, but if you read through it you should see the routing, NAT and policy (ACL) matching and what happened to the traffic.
Thursday, 5 November 2015
Tuesday, 22 January 2013
Collecting logs from a Juniper SSG firewall
Turn on logging in PuTTY
set console page 0
get tech
set console page 22
If troubleshooting a VPN
set console page 0
get tech
get ike cookie
get sa
get route
get event include x.x.x.x (peer address)
get event type 536
set console page 22
Monday, 16 July 2012
Saving the config to TFTP on a Juniper firewall with ScreenOS
save config to tftp [IP_OF_TFTP_SERVER] [FILENAME_OF_CONFIG]
save config to tftp 192.168.1.10 my-firewall-cfg.rtf