?
Solved

Juniper INS-PHOENIX (SRX220H) data usages

Posted on 2013-01-04
13
Medium Priority
?
187 Views
Last Modified: 2014-11-10
Hi,

I have a Juniper INS-PHOENIX (SRX220H) firewall which I am using as a router.

Requirement:
I want to check the network utilization ie. received and transmitted data for every single computer passing through this router.
Something like vnstat in linux box but for all the computers.


This requirement is because I want to know how much data usages is there for all the employees.
0
Comment
Question by:abhinav4
  • 5
  • 5
11 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38743070
This isn't so easy on SRX bud.

We do have the ability to monitor the interfaces for throughput but narrowing it down to individual PCS will require some other network monitoring tool and send the traffic to that to provide the reports.

To view the interface stats, go to the web interface, select monitor then interfaces.

Click on the interface you want and then click "graph"

HTH
0
 

Author Comment

by:abhinav4
ID: 38743097
Hi,
Thanks for the information once again.
I could only see input rate and output rate of the interface on the graph.

Well as you mentioned that I would require some other networking tool to achieve the desired output, do you have any tool in mind which I could use. I could create one virtual machine to install the tool.
As I do not have any budget to go for some enterprise tool I would prefer a free tool.
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743116
There are plenty of choices out  there for us to choose from.

2 that I have used in the distant past were cacti and nagios.

Nagios was very manual in the config ie we had ti edit config files to change the settings etc, but worked really well in monitoring servers and networks.

A more user friendly option is cacti, which takes a lot of the manual editing away from nagios and allows us to add config via the web interface.

It is a very subjective choice here bud, so have a look at the 2 solutions above and see if they fit your bill.

A couple of links that show some comparisons and pros and cons are below.

http://www.techrepublic.com/blog/five-apps/five-free-network-monitoring-tools/1342

http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/

You can configure the SRX to send stats to the server running whichever monitoring tool you choose and then view the results.

HTH bud
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:abhinav4
ID: 38743153
Ok, I have a Linux box running nagios core to monitor basic checks for few test machine. I have used check_nrpe, check_nt and check_by_ssh plugin to monitor some windows/Linux machines, so I can go with Nagios.
Now, how can I configure SRX to send stats to the nagios machine and which plugin I would use in Nagios to accept it.
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743269
Hi bud

Its been a while since I used nagios bud, can you remind me what kind of stuff it needs?

For example I know it uses SNMP to poll for data and I also assume that its needs flow information sent to it for network usage stats but apart from that my nagios skills are weak bud.  And I have no idea what plugin to use bud, I would assume it would be in the nagios docs.
0
 

Author Comment

by:abhinav4
ID: 38743381
Hi bud
I found the following link
http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html

It seems it would require check_snmp plugin to get the result.
How can I check SNMP is enabled in SRX and how to enable it so that it could reply back to Nagios.
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743415
CLI is best for this bud

1st of all st, some SNMP informational comments, edit to add your on location and contact

set snmp location Auckland
set snmp contact SupportContactDetails
 
Set the SNMP community, use the same one that nagios uses to connect to otehr devices,  If it doesnt have one, then create it.  Change the name to reflect the right community

set snmp community communityname authorization read-write
 
Then set some criteria to allow hosts to query the SRX, ie as below, we will allow 192.168.1.0/24 ONLY to query the SRX.  CHange the IP to reflect that of the nagios server
 
set snmp community communityname clients 192.168.1.0/24
set snmp community communityname clients 0.0.0.0/0 restrict

TO get this work on the SRX< we need to allow the SNMP traffic into the firewall and to do this we add the host-inbound-traffic to the security zone and interface where the nagios server will speak to the SRX on.  ie the incoming interface for nagios queries


Once that is done, it should all work fine.  Make sure nagios has the latest MIB for the SRX bud

set security zones security-zone untrust interfaces fe0/0/0 host-inbound-traffic system-services snmp
0
 

Author Comment

by:abhinav4
ID: 38743564
well this should work, but again it will give me traffic as a whole.
My requirement is to get the traffic of workstations connected to SRX. How to separate the traffic on ip basis?
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 1000 total points
ID: 38743639
Thats why I said send flow statistics to the server as well, but I cant remember if nagios does this natively or relies on something like MRTG.

See http://kb.juniper.net/InfoCenter/index?page=content&id=KB16677 for configuring Jflow.  Jflow is basically the juniper version of Ciscos netflow and will allow you to statistically sample the network packets going through the device and then send them onto a suitable monitoring server
0
 

Author Comment

by:abhinav4
ID: 38777945
Thanks bud,

I am working on it. Still not able to succeed
0
 
LVL 17

Accepted Solution

by:
pergr earned 1000 total points
ID: 38778080
You can run port-mirroring on the SRX:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833&actp=RSS

and then send that out to the PC running ntop (www.ntop.org).

That will give you loads of statistics, per user.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question