TAP Mode for Flow Sessions

In TAP mode, an SRX Series Firewall is connected to a mirror port of a switch, which delivers a copy of the traffic traversing the switch. Because the firewall receives only a copy, it does not forward that traffic and cannot block it. An SRX Series Firewall in TAP mode processes the traffic received on the TAP interface and generates security logs that report the threats detected, application usage, and user details.

Understanding TAP Mode Support for Security Flow Sessions

Starting in Junos OS Release 18.3R1, TAP mode supports security flow sessions. The security flow session configuration is the same as in non-TAP mode. When a device operates in TAP mode, it generates security log information that reports the threats detected, application usage, and user details observed in the incoming traffic. TAP mode is reported as enabled in the flow status (show security flow status) as soon as a TAP interface is configured.

The TAP interface accepts traffic with or without VLAN tags. By default, on all devices, the flow SYN-check and sequence-check options under the [edit security] hierarchy are disabled. This matters in TAP mode: a mirror port can deliver packets out of order or miss some packets entirely, and strict TCP state checks would cause such flows to be discarded rather than inspected and logged.

Starting in Junos OS Release 20.1R1, TAP mode can inspect up to two levels of nested IP-in-IP tunnels and one level of GRE tunnel by decapsulating the outer and inner IP headers and creating flow sessions for the inner traffic. You can configure up to eight TAP interfaces on an SRX Series Firewall.

Example: Configuring Security Flow Sessions in TAP mode

This example shows how to configure security flow sessions when the SRX Series Firewall is configured in TAP mode.

Requirements

This example uses the following hardware and software components:

  • An SRX Series Firewall

  • Junos OS Release 19.1R1

Overview

In this example, you configure the security flow sessions when the SRX Series Firewall is configured in TAP mode. Sessions are created when a TCP SYN packet is received and permitted by the security policy.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Procedure

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure security flow sessions in TAP mode:

  1. Configure the security flow session.
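The following is an added example of a complete flow-session configuration for a TAP-mode deployment; it is not the quick configuration from the original page and is not reproduced from Juniper documentation. It assumes the device is already operating in TAP mode with ge-0/0/0.0 as its TAP interface (the TAP-interface statement itself is configured separately and is not shown), and the zone name tap and the policy name tap-inspect are placeholders chosen for this example. The lines beginning with ## are explanatory comments; remove them before pasting the set commands into the CLI at the [edit] hierarchy level.

```junos
## Added example. Assumed: TAP interface ge-0/0/0.0 already configured,
## zone name "tap" and policy name "tap-inspect" are placeholders.

## Flow TCP session settings. A mirror port can deliver packets out of order
## or drop some entirely, so strict SYN and sequence checks would discard
## such flows instead of inspecting them. These match the defaults described
## above and are set explicitly so the intent is visible in the committed
## configuration.
set security flow tcp-session no-syn-check
set security flow tcp-session no-sequence-check

## Place the TAP interface in a zone and permit the mirrored traffic with
## session logging. The firewall cannot drop mirrored traffic, so the value of
## this policy is in the session-init and session-close logs it produces, not
## in enforcement.
set security zones security-zone tap interfaces ge-0/0/0.0
set security policies from-zone tap to-zone tap policy tap-inspect match source-address any
set security policies from-zone tap to-zone tap policy tap-inspect match destination-address any
set security policies from-zone tap to-zone tap policy tap-inspect match application any
set security policies from-zone tap to-zone tap policy tap-inspect then permit
set security policies from-zone tap to-zone tap policy tap-inspect then log session-init
set security policies from-zone tap to-zone tap policy tap-inspect then log session-close
```

After committing, confirm from operational mode that show security flow status reports TAP mode as enabled and that show security flow session lists sessions for the mirrored traffic; if no sessions appear while the switch mirror port is active, check the TAP interface configuration and the policy match terms before suspecting the flow settings.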

Results

From configuration mode, confirm your configuration by entering the show security flow command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform these tasks:

Verifying Security Session Configuration in TAP Mode

Purpose

Verify information about security sessions.

Action

From operational mode, enter the show security flow session command.

Meaning

Displays information about all currently active security sessions on the device in TAP mode.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release: 20.1R1
Description: Starting in Junos OS Release 20.1R1, TAP mode can inspect up to two levels of nested IP-in-IP tunnels and one level of GRE tunnel by decapsulating the outer and inner IP headers and creating flow sessions.