Solved

Juniper INS-PHOENIX (SRX220H) data usages

Posted on 2013-01-04
Last Modified: 2014-11-10
Hi,

I have a Juniper INS-PHOENIX (SRX220H) firewall which I am using as a router.

Requirement:
I want to check the network utilization, i.e. received and transmitted data, for every single computer passing through this router.
Something like vnstat on a Linux box, but for all the computers.


This requirement is because I want to know how much data usage there is for all the employees.
0
Question by:abhinav4
13 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38743070
This isn't so easy on SRX bud.

We do have the ability to monitor the interfaces for throughput, but narrowing it down to individual PCs will require some other network monitoring tool and sending the traffic to that to provide the reports.

To view the interface stats, go to the web interface, select monitor then interfaces.

Click on the interface you want and then click "graph"

HTH
0
 

Author Comment

by:abhinav4
ID: 38743097
Hi,
Thanks for the information once again.
I could only see input rate and output rate of the interface on the graph.

Well, as you mentioned that I would require some other networking tool to achieve the desired output, do you have any tool in mind which I could use? I could create one virtual machine to install the tool.
As I do not have any budget to go for some enterprise tool I would prefer a free tool.
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743116
There are plenty of choices out there for us to choose from.

2 that I have used in the distant past were cacti and nagios.

Nagios was very manual in the config, i.e. we had to edit config files to change the settings etc, but worked really well in monitoring servers and networks.

A more user friendly option is cacti, which takes a lot of the manual editing away from nagios and allows us to add config via the web interface.

It is a very subjective choice here bud, so have a look at the 2 solutions above and see if they fit your bill.

A couple of links that show some comparisons and pros and cons are below.

http://www.techrepublic.com/blog/five-apps/five-free-network-monitoring-tools/1342

http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/

You can configure the SRX to send stats to the server running whichever monitoring tool you choose and then view the results.

HTH bud
0
 

Author Comment

by:abhinav4
ID: 38743153
Ok, I have a Linux box running nagios core to monitor basic checks for a few test machines. I have used the check_nrpe, check_nt and check_by_ssh plugins to monitor some Windows/Linux machines, so I can go with Nagios.
Now, how can I configure the SRX to send stats to the nagios machine, and which plugin would I use in Nagios to accept it?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743269
Hi bud

It's been a while since I used nagios bud, can you remind me what kind of stuff it needs?

For example I know it uses SNMP to poll for data and I also assume that it needs flow information sent to it for network usage stats, but apart from that my nagios skills are weak bud. And I have no idea what plugin to use bud, I would assume it would be in the nagios docs.
0
 

Author Comment

by:abhinav4
ID: 38743381
Hi bud
I found the following link
http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html

It seems it would require the check_snmp plugin to get the result.
How can I check whether SNMP is enabled on the SRX, and how do I enable it so that it can reply back to Nagios?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38743415
CLI is best for this bud

First of all, set some SNMP informational comments; edit to add your own location and contact

set snmp location Auckland
set snmp contact SupportContactDetails
 
Set the SNMP community, use the same one that nagios uses to connect to other devices. If it doesn't have one, then create it. Change the name to reflect the right community

set snmp community communityname authorization read-write
 
Then set some criteria to allow hosts to query the SRX, i.e. as below, we will allow 192.168.1.0/24 ONLY to query the SRX. Change the IP to reflect that of the nagios server
 
set snmp community communityname clients 192.168.1.0/24
set snmp community communityname clients 0.0.0.0/0 restrict

To get this to work on the SRX, we need to allow the SNMP traffic into the firewall, and to do this we add the host-inbound-traffic to the security zone and interface where the nagios server will speak to the SRX on, i.e. the incoming interface for nagios queries


Once that is done, it should all work fine.  Make sure nagios has the latest MIB for the SRX bud

set security zones security-zone untrust interfaces fe-0/0/0 host-inbound-traffic system-services snmp
0
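A check over the SNMP commands in the comment above, added here as an example and not part of the original post: it flags settings that a read-only poller such as check_snmp does not need. The hardened variant, its community name `nagios-ro`, the poller address 192.168.1.10 and the inside interface are assumptions for illustration.

```python
import ipaddress
import re

# Constructed input: the set commands from the post above (interface in Junos form).
POSTED = """\
set snmp community communityname authorization read-write
set snmp community communityname clients 192.168.1.0/24
set snmp community communityname clients 0.0.0.0/0 restrict
set security zones security-zone untrust interfaces fe-0/0/0 host-inbound-traffic system-services snmp
"""
# Constructed counterpart: read-only, a single assumed poller address, a
# hypothetical community name, and SNMP accepted on the inside zone only.
HARDENED = """\
set snmp community nagios-ro authorization read-only
set snmp community nagios-ro clients 192.168.1.10/32
set snmp community nagios-ro clients 0.0.0.0/0 restrict
set security zones security-zone trust interfaces fe-0/0/1 host-inbound-traffic system-services snmp
"""
AUTH = re.compile(r"set snmp community (\S+) authorization (\S+)$")
CLIENT = re.compile(r"set snmp community (\S+) clients (\S+)$")
ZONE = re.compile(r"set security zones security-zone (\S+) "
                  r".*host-inbound-traffic system-services (snmp|all)$")

def audit_snmp(config, external_zones=("untrust",)):
    """Return findings for SNMP exposure in a block of Junos set commands."""
    auth, clients, findings = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := AUTH.match(line):
            auth[m.group(1)] = m.group(2)
        elif m := CLIENT.match(line):   # "... restrict" lines deny, so they do not match
            clients.setdefault(m.group(1), []).append(m.group(2))
        elif (m := ZONE.match(line)) and m.group(1) in external_zones:
            findings.append(f"zone {m.group(1)}: SNMP accepted on an external-facing zone")
    for name, mode in auth.items():
        if mode != "read-only":
            findings.append(f"community {name}: {mode}, a poller only needs read-only")
        if name not in clients:
            findings.append(f"community {name}: no clients list, any source may query")
        for prefix in clients.get(name, []):
            size = ipaddress.ip_network(prefix, strict=False).num_addresses
            if size > 1:
                findings.append(f"community {name}: {prefix} admits {size} sources")
    return findings

if __name__ == "__main__":
    for finding in audit_snmp(POSTED):
        print(finding)
```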
 

Author Comment

by:abhinav4
ID: 38743564
Well, this should work, but again it will give me traffic as a whole.
My requirement is to get the traffic of workstations connected to the SRX. How do I separate the traffic on an IP basis?
0
 
LVL 18

Assisted Solution

by:deimark
deimark earned 250 total points
ID: 38743639
That's why I said send flow statistics to the server as well, but I can't remember if nagios does this natively or relies on something like MRTG.

See http://kb.juniper.net/InfoCenter/index?page=content&id=KB16677 for configuring Jflow. Jflow is basically the Juniper version of Cisco's netflow and will allow you to statistically sample the network packets going through the device and then send them on to a suitable monitoring server
0
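How sampled flow records turn into the per-workstation totals the question asks for, as an added example that is not part of the original thread. It assumes the SRX exports version 5 records in the standard NetFlow v5 layout, that the LAN is 192.168.1.0/24, and that `sample_rate` is set to the sampling rate configured on the device; the datagram is constructed test input.

```python
import ipaddress
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 export header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record

def parse_v5(datagram):
    """Yield (src, dst, octets) for every flow record in one v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not a v5 export (version {version})")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0] = source address, f[1] = destination address, f[6] = dOctets
        yield ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[6]

def usage_per_host(datagrams, lan="192.168.1.0/24", sample_rate=1):
    """Estimate bytes sent (tx) and received (rx) per LAN address."""
    net = ipaddress.ip_network(lan)
    usage = defaultdict(lambda: {"tx": 0, "rx": 0})
    for datagram in datagrams:
        for src, dst, octets in parse_v5(datagram):
            estimate = octets * sample_rate   # 1-in-N sampling: scale back up
            if src in net:
                usage[str(src)]["tx"] += estimate
            if dst in net:
                usage[str(dst)]["rx"] += estimate
    return dict(usage)

def build_v5(flows):
    """Constructed input: pack (src, dst, octets) tuples into a v5 datagram."""
    body = b"".join(
        RECORD.pack(ipaddress.ip_address(s).packed, ipaddress.ip_address(d).packed,
                    b"\0" * 4, 0, 0, 1, octets, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0)
        for s, d, octets in flows)
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + body

SAMPLE = build_v5([("192.168.1.10", "203.0.113.5", 1200),
                   ("203.0.113.5", "192.168.1.10", 48000),
                   ("192.168.1.11", "198.51.100.7", 500)])

if __name__ == "__main__":
    for host, totals in sorted(usage_per_host([SAMPLE], sample_rate=10).items()):
        print(host, totals)
```

Totals derived from sampled export are estimates; short flows can be missed entirely, so treat them as a usage trend per address and not as exact accounting.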
 

Author Comment

by:abhinav4
ID: 38777945
Thanks bud,

I am working on it. Still not able to succeed.
0
 
LVL 17

Accepted Solution

by:pergr
pergr earned 250 total points
ID: 38778080
You can run port-mirroring on the SRX:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833&actp=RSS

and then send that out to the PC running ntop (www.ntop.org).

That will give you loads of statistics, per user.
0
