Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation
keyboard_arrow_up
close
keyboard_arrow_left
Network Management and Monitoring Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
keyboard_arrow_right

Example: Configure IP Monitoring on SRX Series Firewalls

date_range 28-Jul-23

This example shows how to monitor IP on an SRX Series Firewall.

Requirements

Before you begin:

Configure the following RPM options for RPM test:

  • target-address

  • probe-count

  • probe-interval

  • test-interval

  • thresholds

  • next-hop

Overview

This example shows how to set up IP monitoring on an SRX Series Firewall.

Configuration

Procedure

CLI Quick Configuration

To quickly configure this example, copy the following commands, past them into a text file, remove any line breaks, change any details to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

content_copy zoom_out_map
set services rpm probe Probe-Payment-Server test paysvr target address 1.1.1.10
set services rpm probe Probe-Payment-Server test paysvr probe-count 10
set services rpm probe Probe-Payment-Server test paysvr probe-interval 5
set services rpm probe Probe-Payment-Server test paysvr test-interval 5
set services rpm probe Probe-Payment-Server test paysvr thresholds successive-loss 10
set services rpm probe Probe-Payment-Server test paysvr next-hop 2.2.2.1
set services ip-monitoring policy Payment-Server-Tracking match rpm-probe Probe-Payment-Server
set services ip-monitoring policy Payment-Server-Tracking then preferred-route route 1.1.1.0/24 next-hop 1.1.1.99

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide .

To configure IP monitoring on an SRX Series Firewall:

  1. Configure the target address under the RPM probe.

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr target address 1.1.1.10
    
  2. Configure the probe count under the RPM probe.

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr probe-count 10
    
  3. Configure the probe interval (in seconds) under the RPM probe.

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr probe-interval 5
    
  4. Configure the test interval (in seconds) under the RPM probe.

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr test-interval 5
    
  5. Configure the threshold successive loss count under the RPM

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr thresholds successive-loss 10
    
  6. Configure the next-hop IP address under the RPM probe.

    content_copy zoom_out_map
    [edit ]
    user@host# set services rpm probe Probe-Payment-Server test paysvr next-hop 2.2.2.1
    
  7. Configure the IP monitoring policy under services.

    content_copy zoom_out_map
    [edit ]
    user@host# set services ip-monitoring policy Payment-Server-Tracking match rpm-probe Probe-Payment-Server 
    
    Note:

    The following steps are not mandatory. You can configure interface actions and route actions independently, or you can configure both the interface action and the route action together in one IP monitoring policy.

  8. Configure the IP monitoring preferred route under services.

    content_copy zoom_out_map
    [edit ]
    user@host# set services ip-monitoring policy Payment-Server-Tracking then preferred-route route 1.1.1.0/24 preferred-metric 4
    
  9. Configure the IP monitoring interface actions.

    • Enable

      content_copy zoom_out_map
      [edit ]
      user@host# set services ip-monitoring policy Payment-Server-Tracking then interface ge-0/0/1 enable
      
    • Disable

      content_copy zoom_out_map
      [edit ]
      user@host# set services ip-monitoring policy Payment-Server-Tracking then interface fe-0/0/[4-6] disable
      
  10. Configure the no-preempt option.

    content_copy zoom_out_map
    [edit ]
    user@host# set services ip-monitoring policy Payment-Server-Tracking no-preempt
    

Verification

Verifying IP Monitoring

Purpose

Verify the IP monitoring status of a policy.

Action

To verify the configuration is working properly, enter the following command:

show services ip-monitoring status <policy-name>

footer-navigation