Sergey M. Posted December 19, 2014 Posted December 19, 2014 Люди добрые, подскажите Как посмотреть статистику NAT трансляций на juniper SRX3400? Особенно интересно - количество нат трансляций, новые трансляции \ старые и т.д. Вставить ник Quote
Sergey M. Posted December 19, 2014 Author Posted December 19, 2014 show security flow ... А что из них что означает? После циски как-то все сильно по другому :-) Вставить ник Quote
MonaxGT Posted December 21, 2014 Posted December 21, 2014 show security flow session nat - только нат сессии, a.makhinov@srx100> show security flow session nat Session ID: 8446, Policy name: trust-to-untrust/4, Timeout: 2, Valid In: y.y.y.y/751 --> x.x.x.x/7034;icmp, If: fe-0/0/1.0, Pkts: 1, Bytes: 84 Out: x.x.x.x/7034 --> y.y.y.y/31151;icmp, If: fe-0/0/0.0, Pkts: 1, Bytes: 84 a.makhinov@srx100> show security flow session nat summary Valid sessions: 0 Pending sessions: 0 Invalidated sessions: 0 Sessions in other states: 0 Total sessions: 0 a.makhinov@srx100> show security flow session nat extensive Session ID: 14512, Status: Normal Flag: 0x80000000 Policy name: trust-to-untrust/4 Source NAT pool: interface Maximum timeout: 4, Current timeout: 4 Session State: Valid Start time: 6387887, Duration: 0 In: x.x.x.x/1 --> y.y.y.y/13998;icmp, Interface: fe-0/0/1.0, Session token: 0x6, Flag: 0x21 Route: 0x60010, Gateway: x.x.x.x, Tunnel: 0 Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 1, Bytes: 84 Out: y.y.y.y/13998 --> z.z.z.z/13770;icmp, Interface: fe-0/0/0.0, Session token: 0x7, Flag: 0x20 Route: 0x50010, Gateway: z.z.z.z, Tunnel: 0 Port sequence: 0, FIN sequence: 0, FIN state: 0, Pkts: 1, Bytes: 84 Так же можно глянуть a.makhinov@srx100> show security nat source rule all Total rules: 1 Total referenced IPv4/IPv6 ip-prefixes: 3/0 source NAT rule: 1 Rule-set: Trust_to_Untrust Rule-Id : 1 Rule position : 1 From zone : trust To zone : untrust Match Source addresses : x.x.x.x - x.x.x.x Destination addresses : y.y.y.y - y.y.y.y y.y.y.y - y.y.y.y Destination port : 0 - 0 IP protocol : icmp Action : interface Persistent NAT type : N/A Persistent NAT mapping type : address-port-mapping Inactivity timeout : 0 Max session number : 0 Translation hits : 12719 Вставить ник Quote
Sergey M. Posted December 28, 2014 Author Posted December 28, 2014 спасибо, вроде потихоньку въезжать начинаю. Вставить ник Quote
.png.5d2afa2996cc6a85d0f2c09b92dd0a28.png)
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.