Configuring Flow Exports on Juniper SRX Series Firewalls
For NetFlow analysis, you need to configure your devices to export flows to the Site24x7 On-Premise Poller, which acts as the NetFlow collector. The On-Premise Poller listens on a specific UDP port for incoming flows. Learn how to find the port number of your On-Premise Poller.
Configure jFlow on Juniper SRX series service gateways using the following commands:
jFlow v5 and v8
forwarding-options {
    sampling {
        input {
            family inet {
                rate 1000;
                run-length 9;
                max-packets-per-second 7000;
            }
        }
        output {
            cflowd <destination address> {
                port <port number>;
                source-address <source address>;
                version <version number>;
                no-local-dump;
                autonomous-system-type origin;
            }
        }
    }
}
firewall {
    filter Sample-FILTER {
        term ALLOW-ANY {
            then {
                sample;
                accept;
            }
        }
    }
}
To enable packet sampling on particular interfaces, apply the filter as in the following sample configuration.
interfaces {
    ge-1/3/0 {
        vlan-tagging;
        unit 101 {
            vlan-id 101;
            family inet {
                filter {
                    input Sample-FILTER;
                    output Sample-FILTER;
                }
                address 206.80.253.26/25;
            }
        }
    }
}
jFlow v9
set forwarding-options sampling input family inet rate 1000
set forwarding-options sampling input family inet run-length 9
set forwarding-options sampling input family inet max-packets-per-second 7000
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} source-address {DEVICE_IP}
set forwarding-options sampling output flow-server {NETFLOW_SERVER_IP} version 5
set firewall filter Netflow-filter term allow-any then sample
set firewall filter Netflow-filter term allow-any then accept
Enter configuration mode on the SRX and issue the following commands for each interface on which you want to enable flow sampling:
set interfaces {INTERFACE_NAME} unit 0 family inet sampling output
set interfaces {INTERFACE_NAME} unit 0 family inet address {INTERFACE_IP}
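Once the export is configured, the quickest check is to confirm that well-formed v5 datagrams with the expected sampling interval reach the collector port. The decoder below is an added example, not part of the original page or of Site24x7's poller; it parses the fixed 24-byte v5 header and 48-byte records, exposes the 1-in-N sampling interval carried in the header, and scales sampled counters back to an estimate of real traffic. The datagram it decodes is constructed inline; the addresses, AS number and interface indexes in it are made up.

```python
"""Decode a jFlow/NetFlow v5 datagram of the kind the SRX config above exports (added example)."""
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram: bytes) -> dict:
    """Return header fields plus decoded records; reject anything that is not well-formed v5."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    (version, count, _uptime, _secs, _nsecs, sequence,
     _engine_type, engine_id, sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if count > 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    records = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        records.append({
            "src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
            "in_if": f[3], "out_if": f[4], "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
            "src_as": f[15], "dst_as": f[16],
        })
    return {
        "version": version, "count": count, "sequence": sequence, "engine_id": engine_id,
        "sampling_mode": sampling >> 14,          # top 2 bits: 1 = packet-interval mode
        "sampling_interval": sampling & 0x3FFF,   # low 14 bits: the 1-in-N rate (1000 above)
        "records": records,
    }

def scale_to_wire(record: dict, interval: int) -> dict:
    """Sampled counters are 1-in-N; multiply back to estimate the real traffic volume."""
    return {"packets": record["packets"] * interval, "bytes": record["bytes"] * interval}

def build_sample_datagram() -> bytes:
    """Constructed datagram: one HTTPS flow, 1-in-1000 packet sampling as in the config above."""
    header = HEADER.pack(5, 1, 123456, 1700000000, 0, 42, 0, 0, (1 << 14) | 1000)
    record = RECORD.pack(
        socket.inet_aton("10.0.0.5"), socket.inet_aton("203.0.113.7"), socket.inet_aton("0.0.0.0"),
        512, 513, 10, 4800, 100000, 100500, 51234, 443, 0, 0x18, 6, 0, 64512, 0, 24, 25, 0)
    return header + record

if __name__ == "__main__":
    flows = parse_v5(build_sample_datagram())
    print(flows["sampling_interval"], flows["records"][0])
    print(scale_to_wire(flows["records"][0], flows["sampling_interval"]))
```

To validate a live export, bind a UDP socket on the poller's listening port, pass each `recvfrom` payload to `parse_v5`, and compare `sampling_interval` with the `rate` you configured on the SRX.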
Juniper SRX flexible (inline jFlow v9 template)
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template flow-active-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template flow-inactive-timeout 60
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template template-refresh-rate packets 480000
set services flow-monitoring version9 template IPV4-JFLOW-TEMPLATE ipv4-template template-refresh-rate seconds 60
set forwarding-options sampling input rate 100
set forwarding-options sampling input run-length 0
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} port {NETFLOW_SERVER_LISTENER_PORT}
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} autonomous-system-type origin
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} no-local-dump
set forwarding-options sampling family inet output flow-server {NETFLOW_SERVER_IP} version9 template IPV4-JFLOW-TEMPLATE
set forwarding-options sampling family inet output inline-jflow source-address {DEVICE_IP}
Enter configuration mode on the SRX and issue the following commands for each interface on which you want to enable flow sampling: