Juniper INS-PHOENIX (SRX220H) data usages

Hi,

I have a Juniper INS-PHOENIX (SRX220H) firewall which I am using as a router.

Requirement:
I want to check the network utilization ie. received and transmitted data for every single computer passing through this router.
Something like vnstat in linux box but for all the computers.


This requirement is because I want to know how much data usages is there for all the employees.
abhinav4Asked:
Who is Participating?
 
pergrConnect With a Mentor Commented:
You can run port-mirroring on the SRX:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21833&actp=RSS

and then send that out to the PC running ntop (www.ntop.org).

That will give you loads of statistics, per user.
0
 
deimarkCommented:
This isn't so easy on SRX bud.

We do have the ability to monitor the interfaces for throughput but narrowing it down to individual PCS will require some other network monitoring tool and send the traffic to that to provide the reports.

To view the interface stats, go to the web interface, select monitor then interfaces.

Click on the interface you want and then click "graph"

HTH
0
 
abhinav4Author Commented:
Hi,
Thanks for the information once again.
I could only see input rate and output rate of the interface on the graph.

Well as you mentioned that I would require some other networking tool to achieve the desired output, do you have any tool in mind which I could use. I could create one virtual machine to install the tool.
As I do not have any budget to go for some enterprise tool I would prefer a free tool.
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

 
deimarkCommented:
There are plenty of choices out  there for us to choose from.

2 that I have used in the distant past were cacti and nagios.

Nagios was very manual in the config ie we had ti edit config files to change the settings etc, but worked really well in monitoring servers and networks.

A more user friendly option is cacti, which takes a lot of the manual editing away from nagios and allows us to add config via the web interface.

It is a very subjective choice here bud, so have a look at the 2 solutions above and see if they fit your bill.

A couple of links that show some comparisons and pros and cons are below.

http://www.techrepublic.com/blog/five-apps/five-free-network-monitoring-tools/1342

http://sixrevisions.com/tools/10-free-server-network-monitoring-tools-that-kick-ass/

You can configure the SRX to send stats to the server running whichever monitoring tool you choose and then view the results.

HTH bud
0
 
abhinav4Author Commented:
Ok, I have a Linux box running nagios core to monitor basic checks for few test machine. I have used check_nrpe, check_nt and check_by_ssh plugin to monitor some windows/Linux machines, so I can go with Nagios.
Now, how can I configure SRX to send stats to the nagios machine and which plugin I would use in Nagios to accept it.
0
 
deimarkCommented:
Hi bud

Its been a while since I used nagios bud, can you remind me what kind of stuff it needs?

For example I know it uses SNMP to poll for data and I also assume that its needs flow information sent to it for network usage stats but apart from that my nagios skills are weak bud.  And I have no idea what plugin to use bud, I would assume it would be in the nagios docs.
0
 
abhinav4Author Commented:
Hi bud
I found the following link
http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html

It seems it would require check_snmp plugin to get the result.
How can I check SNMP is enabled in SRX and how to enable it so that it could reply back to Nagios.
0
 
deimarkCommented:
CLI is best for this bud

1st of all st, some SNMP informational comments, edit to add your on location and contact

set snmp location Auckland
set snmp contact SupportContactDetails
 
Set the SNMP community, use the same one that nagios uses to connect to otehr devices,  If it doesnt have one, then create it.  Change the name to reflect the right community

set snmp community communityname authorization read-write
 
Then set some criteria to allow hosts to query the SRX, ie as below, we will allow 192.168.1.0/24 ONLY to query the SRX.  CHange the IP to reflect that of the nagios server
 
set snmp community communityname clients 192.168.1.0/24
set snmp community communityname clients 0.0.0.0/0 restrict

TO get this work on the SRX< we need to allow the SNMP traffic into the firewall and to do this we add the host-inbound-traffic to the security zone and interface where the nagios server will speak to the SRX on.  ie the incoming interface for nagios queries


Once that is done, it should all work fine.  Make sure nagios has the latest MIB for the SRX bud

set security zones security-zone untrust interfaces fe0/0/0 host-inbound-traffic system-services snmp
0
 
abhinav4Author Commented:
well this should work, but again it will give me traffic as a whole.
My requirement is to get the traffic of workstations connected to SRX. How to separate the traffic on ip basis?
0
 
deimarkConnect With a Mentor Commented:
Thats why I said send flow statistics to the server as well, but I cant remember if nagios does this natively or relies on something like MRTG.

See http://kb.juniper.net/InfoCenter/index?page=content&id=KB16677 for configuring Jflow.  Jflow is basically the juniper version of Ciscos netflow and will allow you to statistically sample the network packets going through the device and then send them onto a suitable monitoring server
0
 
abhinav4Author Commented:
Thanks bud,

I am working on it. Still not able to succeed
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.