Security

 

Policy

Monitoring Policies

Purpose

Display, sort, and review policy activity for every activated policy configured on the device. Policies are grouped by Zone Context (the from and to zones of the traffic) to control the volume of data displayed at one time. From the policy list, select a policy to display statistics and current network activity.

Action

To review policy activity:

  1. Select Monitor>Security>Policy>Activities in the J-Web user interface. The Security Policies Monitoring page appears and lists the policies from the first Zone Context. See Table 45 for field descriptions.

  2. Select the Zone Context of the policy you want to monitor, and click Filter. All policies within the zone context appear in match sequence.

  3. Select a policy, and click Clear Statistics to set all counters to zero for the selected policy.

Table 45: Security Policies Monitoring Output Fields

Field

Value

Additional Information

Zone Context (Total #)

Displays a list of all from and to zone combinations for the configured policies. The total number of active policies for each context is specified in the Total # field. By default, the policies from the first Zone Context are displayed.

To display policies for a different context, select a zone context and click Filter. Both inactive and active policies appear for each context. However, the Total # field for a context specifies the number of active policies only.

Default Policy action

Specifies the action to take for traffic that does not match any of the policies in the context:

  • permit-all—Permit all traffic that does not match a policy.

  • deny-all—Deny all traffic that does not match a policy.

From Zone

Displays the source zone to be used as match criteria for the policy.

To Zone

Displays the destination zone to be used as match criteria for the policy.

Name

Displays the name of the policy.

Source Address

Displays the source addresses to be used as match criteria for the policy. Address sets are resolved to their individual names. (In this case, only the names are given, not the IP addresses.)

Destination Address

Displays the destination addresses (or address sets) to be used as match criteria for the policy. Addresses are entered as specified in the destination zone’s address book.

Source Identity

Displays the name of the source identities set for the policy.

To display the value of the source identities, hover the mouse on this field. Unknown source identities are also displayed.

Application

Displays the name of a predefined or custom application signature to be used as match criteria for the policy.

Dynamic App

Displays the dynamic application signatures to be used as match criteria if an application firewall rule set is configured for the policy.

For a network firewall, a dynamic application is not defined.

The rule set appears in two lines. The first line displays the configured dynamic application signatures in the rule set. The second line displays the default dynamic application signature.

If more than two dynamic application signatures are specified for the rule set, hover over the output field to display the full list in a tooltip.

Action

Displays the action portion of the rule set if an application firewall rule set is configured for the policy.

  • permit—Permits access to the network services controlled by the policy. A green background signifies permission.

  • deny—Denies access to the network services controlled by the policy. A red background signifies denial.

The action portion of the rule set appears in two lines. The first line identifies the action to be taken when the traffic matches a dynamic application signature. The second line displays the default action when traffic does not match a dynamic application signature.

NW Services

Displays the network services permitted or denied by the policy if an application firewall rule set is configured. Network services include:

  • gprs-gtp-profile—Specify a GPRS Tunneling Protocol profile name.

  • idp—Perform intrusion detection and prevention.

  • redirect-wx—Set WX redirection.

  • reverse-redirect-wx—Set WX reverse redirection.

  • uac-policy—Enable unified access control enforcement of the policy.

Policy Hit Counters Graph

Provides a representation of the value over time for a specified counter. The graph is blank if Policy Counters indicates no data. As a selected counter accumulates data, the graph is updated at each refresh interval.

To toggle a graph on and off, click the counter name below the graph.

Policy Counters

Lists statistical counters for the selected policy if Count is enabled. The following counters are available for each policy:

  • input-bytes

  • input-byte-rate

  • output-bytes

  • output-byte-rate

  • input-packets

  • input-packet-rate

  • output-packets

  • output-packet-rate

  • session-creations

  • session-creation-rate

  • active-sessions

To graph or to remove a counter from the Policy Hit Counters Graph, toggle the counter name. The names of enabled counters appear below the graph.

Checking Policies

Purpose

Enter match criteria and conduct a policy search. The search results include all policies that match the traffic criteria in the sequence in which they will be encountered.

Because policy matches are listed in the sequence in which they would be encountered, you can determine whether a specific policy is being applied correctly or not. The first policy in the list is applied to all matching traffic. Policies listed after this one remain in the “shadow” of the first policy and are never encountered by this traffic.

By manipulating the traffic criteria and policy sequence, you can tune policy application to suit your needs. During policy development, you can use this feature to establish the appropriate sequence of policies for optimum traffic matches. When troubleshooting, use this feature to determine if specific traffic is encountering the appropriate policy.

Action

  1. Select Monitor>Security>Policy>Shadow Policies in the J-Web user interface. The Check Policies page appears. Table 46 explains the content of this page.
  2. In the top pane, enter the From Zone and To Zone to supply the context for the search.
  3. Enter match criteria for the traffic, including the source address and port, the destination address and port, and the protocol of the traffic.
  4. Enter the number of matching policies to display.
  5. Click Search to find policies matching your criteria. The lower pane displays all policies matching the criteria up to the number of policies you specified.
    • The first policy will be applied to all traffic with this match criteria.

    • Remaining policies will not be encountered by any traffic with this match criteria.

  6. To manipulate the position and activation of a policy, select the policy and click the appropriate button:
    • Move—Moves the selected policy up or down to position it at a more appropriate point in the search sequence.

    • Move to—Moves the selected policy by allowing you to drag and drop it to a different location on the same page.

Table 46: Check Policies Output

Field

Function

Check Policies Search Input Pane

From Zone

Name or ID of the source zone. If a From Zone is specified by name, the name is translated to its ID internally.

To Zone

Name or ID of the destination zone. If a To Zone is specified by name, the name is translated to its ID internally.

Source Address

Address of the source in IP notation.

Source Port

Port number of the source.

Destination Address

Address of the destination in IP notation.

Destination Port

Port number of the destination.

Source Identity

Name of the source identity.

Protocol

Name or equivalent value of the protocol to be matched.

  • ah (51)
  • egp (8)
  • esp (50)
  • gre (47)
  • icmp (1)
  • igmp (2)
  • igp (9)
  • ipip (94)
  • ipv6 (41)
  • ospf (89)
  • pgm (113)
  • pim (103)
  • rdp (27)
  • rsvp (46)
  • sctp (132)
  • tcp (6)
  • udp (17)
  • vrrp (112)

Result Count

(Optional) Number of policies to display. Default value is 1. Maximum value is 16.

Check Policies List

From Zone

Name of the source zone.

To Zone

Name of the destination zone.

Total Policies

Number of policies retrieved.

Default Policy action

The action to be taken if no match occurs.

Name

Policy name

Source Address

Name of the source address (not the IP address) of a policy. Address sets are resolved to their individual names.

Destination Address

Name of the destination address or address set. A packet’s destination address must match this value for the policy to apply to it.

Source Identity

Name of the source identity for the policy.

Application

Name of a preconfigured or custom application of the policy match.

Action

Action taken when a match occurs as specified in the policy.

Hit Counts

Number of matches for this policy. This value is the same as the Policy Lookups in a policy statistics report.

Active Sessions

Number of active sessions matching this policy.

Alternatively, to list matching policies using the CLI, enter the show security match-policies command and include your match criteria and the number of matching policies to display.
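The first-match and shadowing behavior described in this section can be modeled offline. The following Python sketch is an added example, not Juniper code: it evaluates an ordered policy list against one traffic tuple, reports the applied policy and the policies it shadows, and shows the effect of moving a policy. The policy model (an application reduced to protocol plus destination ports, source port ignored), the helper names, and all zones, policy names and addresses are assumptions constructed for illustration.

```python
# Added example: ordered first-match lookup and shadow detection.
# Zones, policy names and addresses are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, Optional


@dataclass(frozen=True)
class Policy:
    name: str
    from_zone: str
    to_zone: str
    src: str                             # source prefix
    dst: str                             # destination prefix
    protocol: Optional[str]              # None matches any protocol
    dst_ports: Optional[FrozenSet[int]]  # None matches any destination port
    action: str                          # "permit" or "deny"


@dataclass(frozen=True)
class Traffic:
    from_zone: str
    to_zone: str
    src_ip: str
    dst_ip: str
    protocol: str
    dst_port: int


def matches(p, t):
    """True when every match criterion of policy p accepts traffic t."""
    return (
        (p.from_zone, p.to_zone) == (t.from_zone, t.to_zone)
        and ip_address(t.src_ip) in ip_network(p.src)
        and ip_address(t.dst_ip) in ip_network(p.dst)
        and p.protocol in (None, t.protocol)
        and (p.dst_ports is None or t.dst_port in p.dst_ports)
    )


def check_policies(policies, t, default_action="deny-all", result_count=16):
    """Return the applied policy and the policies shadowed by it for t.

    result_count follows the limits in Table 46: 1 to 16 policies.
    """
    if not 1 <= result_count <= 16:
        raise ValueError("result_count must be between 1 and 16")
    hits = [p for p in policies if matches(p, t)][:result_count]
    if not hits:
        # No policy matched: the default policy action of the context applies.
        return {"applied": None, "action": default_action, "shadowed": []}
    return {
        "applied": hits[0].name,
        "action": hits[0].action,
        "shadowed": [p.name for p in hits[1:]],
    }


def move_before(policies, name, before):
    """Return a new sequence with policy `name` placed just before `before`."""
    moved = next(p for p in policies if p.name == name)
    rest = [p for p in policies if p.name != name]
    idx = next(i for i, p in enumerate(rest) if p.name == before)
    return rest[:idx] + [moved] + rest[idx:]


ANY = "0.0.0.0/0"
# Constructed rule base: a broad permit sits above a narrower deny.
POLICIES = [
    Policy("permit-internal-web", "trust", "untrust", "10.1.0.0/16", ANY,
           "tcp", frozenset({80, 443}), "permit"),
    Policy("deny-quarantine", "trust", "untrust", "10.1.50.0/24", ANY,
           None, None, "deny"),
    Policy("permit-dns", "trust", "untrust", "10.1.0.0/16", "192.0.2.53/32",
           "udp", frozenset({53}), "permit"),
]
# Constructed traffic: HTTPS from a host inside the quarantined subnet.
QUARANTINED_HTTPS = Traffic("trust", "untrust", "10.1.50.7",
                            "198.51.100.10", "tcp", 443)

if __name__ == "__main__":
    print(check_policies(POLICIES, QUARANTINED_HTTPS))
    fixed = move_before(POLICIES, "deny-quarantine", "permit-internal-web")
    print(check_policies(fixed, QUARANTINED_HTTPS))
```

In the sample rule base the quarantine deny never sees HTTPS from its own subnet until it is moved above the broader permit, which is the kind of ordering error the Check Policies search is meant to expose.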

Screen Counters

Monitoring Screen Counters

Purpose

View screen statistics for a specified security zone.

Action

Select Monitor>Security>Screen Counters in the J-Web user interface, or enter the following CLI command:

show security screen statistics zone zone-name

Table 47 summarizes key output fields in the screen counters display.

Table 47: Summary of Key Screen Counters Output Fields

Field

Values

Additional Information

Zones  

ICMP Flood

Internet Control Message Protocol (ICMP) flood counter.

An ICMP flood typically occurs when ICMP echo requests use all resources in responding, such that valid network traffic can no longer be processed.

UDP Flood

User Datagram Protocol (UDP) flood counter.

UDP flooding occurs when an attacker sends IP packets containing UDP datagrams with the purpose of slowing down the resources, such that valid connections can no longer be handled.

TCP Winnuke

Number of Transmission Control Protocol (TCP) WinNuke attacks.

WinNuke is a denial-of-service (DoS) attack targeting any computer on the Internet running Windows.

TCP Port Scan

Number of TCP port scans.

The purpose of this attack is to scan the available services in the hopes that at least one port will respond, thus identifying a service to target.

ICMP Address Sweep

Number of ICMP address sweeps.

An IP address sweep can occur with the intent of triggering responses from active hosts.

IP Tear Drop

Number of teardrop attacks.

Teardrop attacks exploit the reassembly of fragmented IP packets.

TCP SYN Attack

Number of TCP SYN attacks.

IP Spoofing

Number of IP spoofs.

IP spoofing occurs when an invalid source address is inserted in the packet header to make the packet appear to come from a trusted source.

ICMP Ping of Death

ICMP ping of death counter.

Ping of death occurs when IP packets are sent that exceed the maximum legal length (65,535 bytes).

IP Source Route

Number of IP source route attacks.

TCP Land Attack

Number of land attacks.

Land attacks occur when an attacker sends spoofed SYN packets containing the IP address of the victim as both the destination and source IP address.

TCP SYN Fragment

Number of TCP SYN fragments.

TCP No Flag

Number of TCP headers without flags set.

A normal TCP segment header has at least one control flag set.

IP Unknown Protocol

Number of unknown Internet protocols.

IP Bad Options

Number of invalid options.

IP Record Route Option

Number of packets with the IP record route option enabled.

This option records the IP addresses of the network devices along the path that the IP packet travels.

IP Timestamp Option

Number of IP timestamp option attacks.

This option records the time (in Universal Time) when each network device receives the packet during its trip from the point of origin to its destination.

IP Security Option

Number of IP security option attacks.

IP Loose route Option

Number of IP loose route option attacks.

This option specifies a partial route list for a packet to take on its journey from source to destination.

IP Strict Source Route Option

Number of IP strict source route option attacks.

This option specifies the complete route list for a packet to take on its journey from source to destination.

IP Stream Option

Number of stream option attacks.

This option provides a way for the 16-bit SATNET stream identifier to be carried through networks that do not support streams.

ICMP Fragment

Number of ICMP fragments.

Because ICMP packets contain very short messages, there is no legitimate reason for ICMP packets to be fragmented. If an ICMP packet is so large that it must be fragmented, something is amiss.

ICMP Large Packet

Number of large ICMP packets.

TCP SYN FIN Packet

Number of TCP SYN FIN packets.

TCP FIN without ACK

Number of TCP FIN flags without the acknowledge (ACK) flag.

TCP SYN-ACK-ACK Proxy

Number of TCP flags enabled with SYN-ACK-ACK.

To prevent flooding with SYN-ACK-ACK sessions, you can enable the SYN-ACK-ACK proxy protection screen option. After the number of connections from the same IP address reaches the SYN-ACK-ACK proxy threshold, Junos OS rejects further connection requests from that IP address.

IP Block Fragment

Number of IP block fragments.
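Screen counters are cumulative, so a single reading says little; what matters operationally is how fast a counter is growing. The following Python sketch is an added example, not Juniper code: it parses two saved snapshots of screen statistics for one zone, computes the increase per counter, and flags counters whose rate exceeds a limit. The snapshot text is constructed, its layout (counter name, whitespace, count on each row) is an assumption, and the limits are hypothetical values to tune per zone.

```python
# Added example: compare two snapshots of screen counters for one zone.
# Snapshot text is constructed; the row layout is an assumption.
import re

ROW = re.compile(r"^\s*(?P<name>\S.*?)\s{2,}(?P<count>\d+)\s*$")

SNAPSHOT_T0 = """\
Screen statistics:

IDS attack type                              Statistics
  ICMP Flood                                 0
  UDP Flood                                  12
  TCP Port Scan                              3
  TCP SYN Attack                             40
  IP Spoofing                                0
  ICMP Fragment                              7
"""

# Constructed second reading, taken 300 seconds after SNAPSHOT_T0.
SNAPSHOT_T1 = """\
Screen statistics:

IDS attack type                              Statistics
  ICMP Flood                                 0
  UDP Flood                                  12
  TCP Port Scan                              53
  TCP SYN Attack                             40
  IP Spoofing                                2
  ICMP Fragment                              7
"""


def parse_counters(text):
    """Map counter name to integer value; header lines are skipped."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            counters[m.group("name")] = int(m.group("count"))
    return counters


def counter_deltas(prev, cur):
    """Increase per counter between two readings, omitting unchanged ones.

    A value lower than the previous reading means the statistics were
    cleared in between, so the current value is the increase since then.
    """
    deltas = {}
    for name, now in cur.items():
        before = prev.get(name, 0)
        increase = now - before if now >= before else now
        if increase:
            deltas[name] = increase
    return deltas


def flag_counters(deltas, interval_s, limits_per_min, default_limit):
    """Return (name, increase, rate per minute) for counters over their limit."""
    alerts = []
    for name, increase in sorted(deltas.items()):
        rate = increase * 60.0 / interval_s
        if rate > limits_per_min.get(name, default_limit):
            alerts.append((name, increase, round(rate, 1)))
    return alerts


# Hypothetical limits: any spoofed packet is worth a look, others at 5/min.
LIMITS_PER_MIN = {"IP Spoofing": 0}

if __name__ == "__main__":
    deltas = counter_deltas(parse_counters(SNAPSHOT_T0),
                            parse_counters(SNAPSHOT_T1))
    for name, increase, rate in flag_counters(deltas, 300, LIMITS_PER_MIN, 5):
        print(f"{name}: +{increase} ({rate}/min)")
```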

UTM

Monitoring Antivirus

Purpose

Use the monitoring functionality to view the antivirus page.

Action

To monitor antivirus, select Monitor>UTM>Antivirus in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>UTM>Antivirus in the J-Web user interface.

Meaning

Table 48 summarizes key output fields in the antivirus page.

Table 48: Antivirus Monitoring Page

Field

Value

Additional Information

UTM Antivirus

AV Key Expire Date

Displays the antivirus license key expiration date.

Update Server

Displays antivirus pattern update server settings.

Interval

Displays antivirus pattern interval.

Auto Update Status

Displays antivirus pattern auto update status.

Last Result

Displays last result of database loading.

AV Signature Version

Displays the database version, timestamp, and virus record number.

Scan Engine Info

Displays the information of the scan engine.

Pattern Type

Displays the pattern type.

UTM Antivirus Statistics

Antivirus statistics

Displays the antivirus statistics:

  • The number of scan requests being pre-windowed.

  • The total number of scan requests forwarded to the engine.

  • The number of scan requests using scan-all mode.

  • The number of scan requests using scan-by-extension mode.

Clear Anti-Virus Statistics

Clear all current viewable statistics and begin collecting new statistics.

Monitoring Web Filtering

Purpose

Use the monitoring functionality to view the web filtering page.

Action

To monitor web filtering, select Monitor>UTM>Web Filtering in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>UTM>Web Filtering in the J-Web user interface.

Meaning

Table 49 summarizes key output fields in the web filtering page.

Table 49: Web Filtering Monitoring Page

Field

Value

Additional Information

UTM Web Filtering Statistics

Statistics type

Displays the available information:

  • White list hit

  • Black list hit

  • Queries to server

  • Server reply permit

  • Server reply block

  • Custom category permit

  • Custom category block

  • Site reputation permit

  • Site reputation block

  • Cache hit permit

  • Cache hit block

  • Safe-search redirect

  • Web-filtering sessions in total

  • Web-filtering sessions in use

  • Fall back: log-and-permit block

  • Default

  • Timeout

  • Connectivity

  • Too-many-requests

Clear Web Filtering Statistics

Clear all current viewable statistics and begin collecting new statistics.

Click Clear Web Filtering Statistics.

Monitoring Antispam

Purpose

Use the monitoring functionality to view the antispam page.

Action

To monitor antispam, select Monitor>Security>UTM>Anti Spam.

Meaning

Table 50 summarizes key output fields in the antispam page.

Table 50: Anti Spam Monitoring Page

Field

Value

Additional Information

UTM Anti Spam Status

Displays the DNS server setting IP and interface details for the following servers:

  • Primary

  • Secondary

  • Ternary

UTM Anti-spam Statistics

Displays the antispam statistics type and counter information:

  • SBL Whitelist Server

  • SBL Blacklist Server

  • DNS Server

  • Primary

  • Secondary

  • Ternary

  • Total connections

  • Denied connections

  • Total greetings

  • Denied greetings

  • Total e-mail scanned

  • Spam total

  • Spam tagged

  • Spam dropped

  • DNS errors

  • Timeout errors

  • Return errors

  • Invalid parameter errors

  • Statistics start time

Clear Anti-spam statistics

Clear all current viewable statistics and begin collecting new statistics.

Click Clear Anti-spam statistics.

Monitoring Content Filtering

Purpose

Use the monitoring functionality to view the content filtering page.

Action

To monitor content filtering, select Monitor>Security>UTM>Content Filtering.

Meaning

Table 51 summarizes key output fields in the content filtering page.

Table 51: Content Filtering Monitoring Page

Field

Value

Additional Information

UTM Content Filtering Statistics

Displays the statistics type, counter passed, and counter blocked details:

  • Base on command list

  • Base on mime list

  • Base on extension list

  • ActiveX plugin

  • Java applet

  • EXE files

  • ZIP files

  • HTTP cookie

Clear Content Filtering statistics

Clear all current viewable statistics and begin collecting new statistics.

Click Clear Content Filtering statistics.

ICAP Redirect

Monitoring ICAP Redirect

Purpose

Use the monitoring functionality to view the events page.

Action

To monitor events, select Monitor>Security Services>ICAP Redirect in the J-Web user interface.

Note

When you use an HTTPS connection in the Microsoft Internet Explorer browser to save a report from this page in the J-Web interface, the error message "Internet Explorer was not able to open the Internet site" is displayed. This problem occurs because the Cache-Control: no-cache HTTP header is added on the server side, and Internet Explorer does not allow you to download the encrypted file when the Cache-Control: no-cache HTTP header is set in the response from the server.

As a workaround, refer to Microsoft Knowledge Base article 323308, which is available at this URL: https://support.microsoft.com/kb/323308. Also, you can alternatively use HTTP in the Internet Explorer browser or use HTTPS in the Mozilla Firefox browser to save a file from this page.

Meaning

summarizes key output fields in the events page.

IPS

Monitoring Attacks

Purpose

Use the monitoring functionality to view the Attacks page.

Action

To monitor attacks, select Monitor>Security>IDP>Attacks in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>IPS>Attacks in the J-Web user interface.

Meaning

Table 52 summarizes key output fields in the attacks page.

Table 52: Attacks Monitoring Page

Field

Description

Additional Information

Enable Log

An option to enable event logs.

Click Enable Log to enable logs.

Clear Log

An option to clear all the logs that are created during the session.

Click Clear Log.

Refresh interval (sec)

Displays the time interval, in seconds, set for page refresh. The default interval is 30 seconds.

Select the time interval from the list.

Refresh

Displays the option to refresh the page. If the Manual option is set, click the Refresh button to refresh the page manually.

Click Refresh to refresh the page.

Clear

Provides an option to clear the data of the status type.

Click Clear to clear the details.

Attack Table

Filter By Attack Name

Specifies the string to search.

Enter the string and then click Go to execute the searching operation.

Clear

Provides an option to disable the searching operation and show all results.

Click Clear to show all results.

Active IDP policy

Displays the active IDP policy that is used in the session.

Attack Name

Displays the kind of attacks in the attack table. Double-click Attack Name to display Attack Details.

The available options are:

  • Display Name — Displays the name of the attack.

  • Severity — Displays the severity of the attack.

  • Category — Displays the category of attack in which the attacks are placed.

  • Recommended — Displays True or False to indicate whether the attack is recommended.

  • Recommended Option — Displays a recommended action, when the security device detects an attack.

  • Type — Displays the type of attack.

  • Direction — Displays the connection direction of the attack.

  • False positives — Specifies the name of the false positives filter.

  • Services — Displays the service name.

Double-click Attack Name.

Severity

Displays the severity of the attack. The severity levels are: critical, info, minor, major and warning.

Hits

Displays the count of hits. Double-click the hits count to display Attack Records.

The available options are:

  • Filter Log— To filter the attack records.

  • Go— To execute searching operation.

  • Clear— To clear the attack records.

Double-click the hits count, and then select an option.

Top N Attack Hits

Displays statistics about hits and shows top 10 hits.

Description

Displays information about the attack.

Monitoring IDP Status

Purpose

View detailed information about the IDP Status, Memory, Counters, Policy Rulebase Statistics, and Attack table statistics.

Action

To view Intrusion Detection and Prevention (IDP) table information, do one of the following:

  • If you are using SRX5400, SRX5600, or SRX5800 platforms, select Monitor>Security>IDP>Status in the J-Web user interface, or enter the following CLI commands:

    • show security idp status

    • show security idp memory

  • Select Monitor>Security>IPS>Status in the J-Web user interface.

Table 53 summarizes key output fields in the IDP display.

Table 53: Summary of IDP Status Output Fields

Field

Values

Additional Information

IDP Status  

Status of IDP

Displays the status of the current IDP policy.

Up Since

Displays the time from when the IDP policy first began running on the system.

Packets/Second

Displays the number of packets received and returned per second.

Peak

Displays the maximum number of packets received per second and the time when the maximum was reached.

Kbits/Second

Displays the aggregated throughput (kilobits per second) for the system.

Peak Kbits

Displays the maximum kilobits per second and the time when the maximum was reached.

Latency (Microseconds)

Displays the delay, in microseconds, for a packet to be received and returned by a node.

Current Policy

Displays the name of the currently installed IDP policy.

IDP Memory Status  

IDP Memory Statistics

Displays the status of all IDP data plane memory.

PIC Name

Displays the name of the PIC.

Total IDP Data Plane Memory (MB)

Displays the total memory space, in megabytes, allocated for the IDP data plane.

Used (MB)

Displays the used memory space, in megabytes, for the data plane.

Available (MB)

Displays the available memory space, in megabytes, for the data plane.

Flow Session

Monitoring Flow Session Statistics

Purpose

Use the monitoring functionality to view the flow session statistics page.

Action

To monitor flow session statistics, select Monitor>Security>Flow Session Statistics in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>Flow Session in the J-Web user interface.

Meaning

Table 54 summarizes key output fields in the flow session statistics page.

Table 54: Flow Session Statistics Monitoring Page

Field

Value

Additional Information

Session Filter

Provides the option to filter sessions. The available options are:

  • all

  • application

  • destination-port

  • destination-prefix

  • interface

  • protocol

  • source-port

  • source-prefix

Select an option.

Clear

Provides the option to clear the session details statistics.

Click Clear to clear the details session statistics.

Show

Provides the option to show the session details statistics.

Click Show to show the details session statistics.

Session Summary - all

Valid sessions

Displays the summary of valid sessions.

Pending sessions

Displays the summary of pending sessions.

Invalidated sessions

Displays the summary of invalid sessions.

Sessions in other states

Displays the summary of sessions in other states.

Unicast-sessions

Displays the total number of active unicast sessions.

Multicast-sessions

Displays the total number of active multicast sessions.

Failed-sessions

Displays the total number of failed sessions.

Active-sessions

Displays the total number of active sessions.

Maximum-sessions

Displays the maximum number of supported sessions.

Session Summary — application

Application name

Displays the application name for the session summary.

Select the application from the drop down box.

Session ID

Displays the number that identifies the session. Use this ID to get more information about the session.

Policy name

Displays the policy that permitted the traffic.

Timeout

Displays the idle timeout after which the session expires.

In

Displays the incoming flow (source and destination IP addresses, application protocol, and interface).

Out

Displays the reverse flow (source and destination IP addresses, application protocol, and interface).

Session Summary — destination-port

Port

Provides the option to enter the destination port address.

Enter the destination port address.

Session ID

Displays the number that identifies the session. Use this ID to get more information about the session.

Policy name

Displays the policy that permitted the traffic.

Timeout

Displays the idle timeout after which the session expires.

In

Displays the incoming flow (source and destination IP addresses, application protocol, and interface).

Out

Displays the reverse flow (source and destination IP addresses, application protocol, and interface).

Session Summary — destination-prefix

IP Prefix

Provides the option to enter destination IP prefix or IP address.

Enter the destination prefix address.

Session ID

Displays the number that identifies the session. Use this ID to get more information about the session.

Policy name

Displays the policy that permitted the traffic.

Timeout

Displays the idle timeout after which the session expires.

In

Displays the incoming flow (source and destination IP addresses, application protocol, and interface).

Out

Displays the reverse flow (source and destination IP addresses, application protocol, and interface).

Session Summary — interface

Interface

Provides the option to enter interface details.

Enter the interface details.

Session ID

Displays the number that identifies the session. Use this ID to get more information about the session.

Policy name

Displays the policy that permitted the traffic.

Timeout

Displays the idle timeout after which the session expires.

In

Displays the incoming flow (source and destination IP addresses, application protocol, and interface).

Out

Displays the reverse flow (source and destination IP addresses, application protocol, and interface).

Session Summary — protocol

Protocol

Provides the option to enter protocol details.

Enter the protocol details.

Session ID

Displays the number that identifies the session. Use this ID to get more information about the session.

Policy name

Displays the policy that permitted the traffic.

Timeout

Idle timeout after which the session expires.

In

Displays the incoming flow (source and destination IP addresses, application protocol, and interface).

Out

Displays the reverse flow (source and destination IP addresses, application protocol, and interface).

Flow Gate

Monitoring Flow Gate Information

Purpose

View information about temporary openings known as pinholes or gates in the security firewall.

Action

Select Monitor>Security>Flow Gate in the J-Web user interface, or enter the show security flow gate command.

Table 55 summarizes key output fields in the flow gate display.

Table 55: Summary of Key Flow Gate Output Fields

Field

Values

Additional Information

Flow Gate Information

Hole

Range of flows permitted by the pinhole.

Translated

Tuples used to create the session if it matches the pinhole:

  • Source address and port

  • Destination address and port

Protocol

Application protocol, such as UDP or TCP.

Application

Name of the application.

Age

Idle timeout for the pinhole.

Flags

Internal debug flags for pinhole.

Zone

Incoming zone.

Reference count

Number of resource manager references to the pinhole.

Resource

Resource manager information about the pinhole.

Authentication

Monitoring Firewall Authentication

Purpose

Use the monitoring functionality to view the firewall authentication page.

Action

To monitor firewall authentication, select Monitor>Security>Firewall Authentication in the J-Web user interface if you are using SRX5400, SRX5600, or SRX5800 platforms.

Or

Select Monitor>Security>Authentication>Firewall Auth in the J-Web user interface.

Meaning

Table 56 summarizes key output fields in the firewall authentication page.

Table 56: Firewall Authentication Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

User Table

ID

Displays the authentication identification number.

Source IP

Displays the IP address of the authentication source.

Age

Displays the idle timeout for the user.

Status

Displays the status of authentication (success or failure).

User

Displays the name of the user.

History Table

ID

Displays the identification number.

Source IP

Displays the IP address of the authentication source.

Duration

Displays the authentication duration.

Status

Displays the status of authentication (success or failure).

User

Displays the name of the user.

Monitoring Local Authentication

Purpose

Use the monitoring functionality to view the local authentication page.

Action

To monitor local authentication, select Monitor>Authentication>Local Auth in the J-Web user interface.

Note
  • Starting in Junos OS Release 18.2R1, Monitor>Authentication>Local Auth option is enabled for logical system users.

  • Starting in Junos OS Release 19.1R1, Monitor>Authentication>Local Auth option is enabled for tenant users.

  • Clear All option is not available for both logical system and tenant users.

Meaning

Table 57 summarizes key output fields in the local authentication page.

Table 57: Local Authentication Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Filter by

Displays the local authentication information based on the selected filter.

IP

Displays the IP address.

User Name

Displays the name of the user.

Role List

Displays the list of roles assigned to the username.

Monitoring UAC Authentication

Purpose

Use the monitoring functionality to view the UAC authentication page.

Action

To monitor UAC authentication, select Monitor>Security>Authentication>UAC Auth in the J-Web user interface.

Meaning

Table 58 summarizes key output fields in the UAC authentication page.

Table 58: UAC Authentication Monitoring Page

Field

Value

Additional Information

Filter by

Displays the UAC authentication value based on the selected filter.

ID

Displays the authentication identification number.

Source IP

Displays the IP address of the authentication source.

User Name

Displays the name of the user.

Age

Displays the idle timeout for the user.

Role List

Displays the list of roles assigned to the username.

Voice ALGs

Monitoring Voice ALG Summary

Purpose

Use the monitoring functionality to view the voice ALG summary page.

Action

To monitor voice ALG summary, select Monitor>Security>Voice ALGs>Summary in the J-Web user interface.

Meaning

Table 59 summarizes key output fields in the voice ALG summary page.

Table 59: Voice ALG Summary Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

Protocol Name

Displays the protocols configured.

Total Calls

Displays the total number of calls.

Number of Active Calls

Displays the number of active calls.

Number of Received Packets

Displays the number of packets received.

Number of Errors

Displays the number of errors.

H.323 Calls Chart

Displays the H.323 calls chart.

MGCP Calls Chart

Displays the MGCP calls chart.

SCCP Calls Chart

Displays the SCCP calls chart.

SIP Calls Chart

Displays the SIP calls chart.

Monitoring Voice ALG H.323

Purpose

Use the monitoring functionality to view the ALG H.323 page.

Action

To monitor ALG H.323, select Monitor>Security>Voice ALGs>H.323 in the J-Web user interface.

Meaning

Table 60 summarizes key output fields in the ALG H.323 page.

Table 60: ALG H.323 Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

H.323 Counter Summary

Category

Displays the following categories:

  • Packets received—Number of ALG H.323 packets received.

  • Packets dropped—Number of ALG H.323 packets dropped.

  • RAS message received—Number of incoming RAS (Registration, Admission, and Status) messages per second per gatekeeper received and processed.

  • Q.931 message received—Counter for Q.931 message received.

  • H.245 message received— Counter for H.245 message received.

  • Number of calls—Total number of ALG H.323 calls.

  • Number of active calls—Number of active ALG H.323 calls.

  • Number of DSCP Marked—Number of DSCP Marked on ALG H.323 calls.

Count

Provides count of response codes for each H.323 counter summary category.

H.323 Error Counter

Category

Displays the following categories:

  • Decoding errors—Number of decoding errors.

  • Message flood dropped—Error counter for message flood dropped.

  • NAT errors—H.323 ALG NAT errors.

  • Resource manager errors—H.323 ALG resource manager errors.

  • DSCP Marked errors—H.323 ALG DSCP marked errors.

Count

Provides count of response codes for each H.323 error counter category.

Counter Summary Chart

Packets Received

Provides the graphical representation of the packets received.

H.323 Message Counter

Category

Displays the following categories:

  • RRQ—Registration Request message counter.

  • RCF—Registration Confirmation Message.

  • ARQ—Admission Request message counter.

  • ACF—Admission Confirmation

  • URQ—Unregistration Request.

  • UCF—Unregistration Confirmation.

  • DRQ—Disengage Request.

  • DCF—Disengage Confirmation.

  • Oth RAS—Other incoming Registration, Admission, and Status message counter.

  • Setup—Timeout value, in seconds, for the response of the outgoing setup message.

  • Alert—Alert message type.

  • Connect—Connect setup process.

  • CallProd—Number of call production messages sent.

  • Info—Number of info requests sent.

  • RelCmpl—Number of Rel Cmpl messages sent.

  • Facility—Number of facility messages sent.

  • Empty—Empty capabilities to the support message counter.

  • OLC—Open Local Channel message counter.

  • OLC ACK—Open Local Channel Acknowledge message counter.

  • Oth H245—Other H.245 message counter

Count

Provides count of response codes for each H.323 message counter category.

Monitoring Voice ALG MGCP

Purpose

Use the monitoring functionality to view the voice ALG MGCP page.

Action

To monitor ALG MGCP, select Monitor>Security>Voice ALGs>MGCP in the J-Web user interface.

Meaning

Table 61 summarizes key output fields in the voice ALG MGCP page.

Table 61: Voice ALG MGCP Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

Counters
MGCP Counters Summary

Category

Displays the following categories:

  • Packets Received—Number of ALG MGCP packets received.

  • Packets Dropped— Number of ALG MGCP packets dropped.

  • Message received— Number of ALG MGCP messages received.

  • Number of connections— Number of ALG MGCP connections.

  • Number of active connections— Number of active ALG MGCP connections.

  • Number of calls— Number of ALG MGCP calls.

  • Number of active calls— Number of active ALG MGCP calls.

  • Number of active transactions— Number of active transactions.

  • Number of transactions— Number of transactions.

  • Number of re-transmission—Number of ALG MGCP retransmissions.

  • Number of active endpoints— Number of MGCP active endpoints.

  • Number of DSCP marked— Number of MGCP DSCPs marked.

Count

Provides the count of response codes for each MGCP counter summary category.

MGCP Error Counter

Category

Displays the following categories:

  • Unknown-method— MGCP ALG unknown method errors.

  • Decoding error— MGCP ALG decoding errors.

  • Transaction error— MGCP ALG transaction errors.

  • Call error— MGCP ALG call counter errors.

  • Connection error— MGCP ALG connection errors.

  • Connection flood drop— MGCP ALG connection flood drop errors.

  • Message flood drop— MGCP ALG message flood drop error.

  • IP resolve error— MGCP ALG IP address resolution errors.

  • NAT error— MGCP ALG NAT errors.

  • Resource manager error— MGCP ALG resource manager errors.

  • DSCP Marked error— MGCP ALG DSCP marked errors.

Count

Provides the count of response codes for each summary error counter category.

Counter Summary Chart

Displays the Counter Summary Chart.

MGCP Packet Counters

Category

Displays the following categories:

  • CRCX— Create Connection

  • MDCX— Modify Connection

  • DLCX— Delete Connection

  • AUEP— Audit Endpoint

  • AUCX— Audit Connection

  • NTFY— Notify MGCP

  • RSIP— Restart in Progress

  • EPCF— Endpoint Configuration

  • RQNT— Request for Notification

  • 000-199—Response code is 0-199

  • 200-299—Response code is 200-299

  • 300-399—Response code is 300-399

Count

Provides count of response codes for each MGCP packet counter category.

Calls

Endpoint@GW

Displays the endpoint name.

Zone

Displays the following options:

  • trust—Trust zone.

  • untrust—Untrust zone.

Endpoint IP

Displays the endpoint IP address.

Call ID

Displays the call identifier for ALG MGCP.

RM Group

Displays the resource manager group ID.

Call Duration

Displays the duration for which the connection is active.

Monitoring Voice ALG SCCP

Purpose

Use the monitoring functionality to view the voice ALG SCCP page.

Action

To monitor voice ALG SCCP, select Monitor>Security>Voice ALGs>SCCP in the J-Web user interface.

Meaning

Table 62 summarizes key output fields in the voice ALG SCCP page.

Table 62: Voice ALG SCCP Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

SCCP Call Statistics

Category

Displays the following categories:

  • Active client sessions— Number of active SCCP ALG client sessions.

  • Active calls— Number of active SCCP ALG calls.

  • Total calls— Total number of SCCP ALG calls.

  • Packets received— Number of SCCP ALG packets received.

  • PDUs processed— Number of SCCP ALG protocol data units (PDUs) processed.

  • Current call rate— Number of calls per second.

  • DSCPs Marked— Number of DSCP marked.

Count

Provides count of response codes for each SCCP call statistics category.

Call Statistics Chart

Displays the Call Statistics chart.

SCCP Error Counters

Category

Displays the following categories:

  • Packets dropped— Number of packets dropped by the SCCP ALG.

  • Decode errors— Number of SCCP ALG decoding errors.

  • Protocol errors— Number of protocol errors.

  • Address translation errors— Number of NAT errors encountered by SCCP ALG.

  • Policy lookup errors— Number of packets dropped because of a failed policy lookup.

  • Unknown PDUs— Number of unknown PDUs.

  • Maximum calls exceed— Number of times the maximum SCCP calls limit was exceeded.

  • Maximum call rate exceed— Number of times the maximum SCCP call rate was exceeded.

  • Initialization errors— Number of initialization errors.

  • Internal errors— Number of internal errors.

  • Nonspecific errors— Number of nonspecific errors.

  • No active calls to be deleted— Number of no active calls to be deleted.

  • No active client sessions to be deleted— Number of no active client sessions to be deleted.

  • Session cookie created error— Number of session cookie created errors.

  • Invalid NAT cookies deleted— Number of invalid NAT cookies deleted.

  • NAT cookies not found— Number of NAT cookies not found.

  • DSCP Marked Error— Number of DSCP marked errors.

Count

Provides count of response codes for each SCCP error counter category.

Calls

Client IP

Displays the IP address of the client.

Zone

Displays the client zone identifier.

Call Manager

Displays the IP address of the call manager.

Conference ID

Displays the conference call identifier.

RM Group

Displays the resource manager group identifier.

Monitoring Voice ALG SIP

Purpose

Use the monitoring functionality to view the voice ALG SIP page.

Action

To monitor voice ALG SIP, select Monitor>Security>Voice ALGs>SIP in the J-Web user interface.

Meaning

Table 63 summarizes key output fields in the voice ALG SIP page.

Table 63: Voice ALG SIP Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the list of virtual chassis members.

Select one of the virtual chassis members listed.

Refresh Interval (30 sec)

Displays the time interval set for page refresh.

Select the time interval from the drop-down list.

Refresh

Displays the option to refresh the page.

Clear

Provides an option to clear the monitor summary.

Click Clear to clear the monitor summary.

Counters
SIP Counters Information

Method

Displays the SIP counter information. The available options are:

  • BYE— Number of BYE requests sent. A user sends a BYE request to abandon a session. A BYE request from either user automatically terminates the session.

  • REGISTER— Number of REGISTER requests sent. A user sends a REGISTER request to a SIP registrar server to inform it of the current location of the user. The SIP registrar server records all the information it receives in REGISTER requests and makes this information available to any SIP server attempting to locate a user.

  • OPTIONS— Number of OPTIONS requests sent. An OPTIONS message is used by the User Agent (UA) to obtain information about the capabilities of the SIP proxy. A server responds with information about what methods, session description protocols, and message encoding it supports.

  • INFO— Number of INFO requests sent. An INFO message is used to communicate mid-session signaling information along the signaling path for the call.

  • MESSAGE— Number of MESSAGE requests sent. SIP messages consist of requests from a client to the server and responses to the requests from the server to a client for the purpose of establishing a session (or a call).

  • NOTIFY— Number of NOTIFY requests sent. A NOTIFY message is sent to inform subscribers about the change in state of the subscription.

  • PRACK— Number of PRACK requests sent. The PRACK request plays the same role as the ACK request, but for provisional responses.

  • PUBLISH— Number of PUBLISH requests sent. The PUBLISH request is used for publishing the event state. PUBLISH is similar to REGISTER in that it allows a user to create, modify, and remove state in another entity that manages this state on behalf of the user.

  • REFER— Number of REFER requests sent. A REFER request is used to refer the recipient (identified by the Request-URI) to a third party identified by the contact information provided in the request.

  • SUBSCRIBE— Number of SUBSCRIBE requests sent. A SUBSCRIBE request is used to request current state and state information updates from a remote node.

  • UPDATE— Number of UPDATE requests sent. An UPDATE request is used to create a temporary opening in the firewall (pinhole) for new or updated Session Description Protocol (SDP) information. The following header fields are modified: Via, From, To, Call-ID, Contact, Route, and Record-Route.

  • BENOTIFY— Number of BENOTIFY requests sent. A BENOTIFY request is used to reduce the unnecessary SIP signaling traffic on application servers. Applications that do not need a response for a NOTIFY request can enhance performance by enabling BENOTIFY.

  • SERVICE— Number of SERVICE requests sent. The SERVICE method is used by a SIP client to request a service from a SIP server. It is a standard SIP message and will be forwarded until it reaches the server or end user that is performing the service.

  • OTHER— Number of OTHER requests sent.

T, RT

Displays the transmit and retransmit method.

1xx, RT

Displays one transmit and retransmit method.

2xx, RT

Displays two transmit and retransmit methods.

3xx, RT

Displays three transmit and retransmit methods.

4xx, RT

Displays four transmit and retransmit methods.

5xx, RT

Displays five transmit and retransmit methods.

6xx, RT

Displays six transmit and retransmit methods.

Calls

Call ID

Displays the call ID.

Method

Displays the call method used.

State

Displays the state of the ALG SIP.

Group ID

Displays the group identifier.

Invite Method Chart

Displays the invite method chart. The available options are:

  • T/RT

  • 1xx/ RT

  • 2xx/ RT

  • 3xx/ RT

  • 4xx/ RT

  • 5xx/ RT

  • 6xx/ RT

SIP Error Counters

Category

Displays the SIP error counters. The available options are:

  • Total Pkt-in— Number of SIP ALG total packets received.

  • Total Pkt dropped on error— Number of packets dropped by the SIP ALG.

  • Call error— Number of SIP ALG call errors.

  • IP resolve error— Number of SIP ALG IP address resolution errors.

  • NAT error— Number of SIP ALG NAT errors.

  • Resource manager error— Number of SIP ALG resource manager errors.

  • RR header exceeded max— Number of times the SIP ALG RR (Record-Route) headers exceeded the maximum limit.

  • Contact header exceeded max— Number of times the SIP ALG contact header exceeded the maximum limit.

  • Call dropped due to limit— Number of SIP ALG calls dropped because of call limits.

  • SIP stack error— Number of SIP ALG stack errors.

  • SIP Decode error— Number of SIP ALG decode errors.

  • SIP unknown method error— Number of SIP ALG unknown method errors.

  • SIP DSCP marked—SIP ALG DSCP marked.

  • SIP DSCP marked error— Number of SIP ALG DSCPs marked.

  • RTO message sent— Number of SIP ALG marked RTO messages sent.

  • RTO message received— Number of SIP ALG RTO messages received.

  • RTO buffer allocation failure— Number of SIP ALG RTO buffer allocation failures.

  • RTO buffer transmit failure— Number of SIP ALG RTO buffer transmit failures.

  • RTO send processing error— Number of SIP ALG RTO send processing errors.

  • RTO receiving processing error— Number of SIP ALG RTO receiving processing errors.

  • RTO receive invalid length— Number of SIP ALG RTOs receiving invalid length.

  • RTO receive call process error— Number of SIP ALG RTO receiving call process errors.

  • RTO receive call allocation error— Number of SIP ALG RTO receiving call allocation error.

  • RTO receive call register error— Number of SIP ALG RTO receiving call register errors.

  • RTO receive invalid status error— Number of SIP ALG RTO receiving register errors.

Count

Provides count of response codes for each SIP ALG counter category.

Application Firewall

Monitoring Application Firewalls

Purpose

Use the monitoring functionality to view the application firewall page. Applications can breach IP and port-based security policies by accessing standard HTTP ports 80 and 443 to tunnel non-HTTP traffic or by using ports other than 80 or 443 for HTTP traffic. An application firewall screens traffic based on an application signature rather than IP or port address. The implementation of both application firewall and network firewall policies contributes to the full security of the network.

Action

To monitor application firewall, select Monitor>Security>Application FW.

The upper pane of the Application Firewall Monitoring page provides a list of the rule sets currently configured on your device. When you select a rule set in the upper pane, the lower panes display the rules and counters associated with that rule set. Each rule entry identifies dynamic application signatures for match criteria and the action to be taken with an application signature match.

The counter pane maintains current statistics about the actions taken for the application signatures that are encountered. The Clear Counters button resets all counters to zero and begins counting again. After the number of seconds specified in the Refresh Interval has expired, the new counter values are displayed.
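The contrast between port-based and signature-based screening described above, together with the per-rule counters and the default rule, as an added Python model that is not J-Web or Junos code. The application labels, rule names, counter names, and first-match rule order are assumptions made for the illustration, and the sessions are constructed.

```python
from collections import Counter
from dataclasses import dataclass, field

ALLOWED_PORTS = frozenset({80, 443})  # port-based policy: only "web" ports pass


@dataclass(frozen=True)
class Session:
    dst_port: int
    application: str  # outcome of signature identification (constructed label)


@dataclass(frozen=True)
class Rule:
    name: str                               # hypothetical rule name
    match_dynamic_applications: frozenset   # applications this rule matches
    action: str                             # "permit" or "deny"


@dataclass
class RuleSet:
    name: str
    rules: list
    default_rule: str                       # action when no rule matches
    counters: Counter = field(default_factory=Counter)

    def evaluate(self, session):
        """Return the action for a session and count which rule produced it."""
        for rule in self.rules:  # assumption: the first matching rule wins
            if session.application in rule.match_dynamic_applications:
                self.counters[f"{rule.name}/{rule.action}"] += 1
                return rule.action
        self.counters[f"default/{self.default_rule}"] += 1
        return self.default_rule

    def clear_counters(self):
        """Mirror of the Clear Counters button: reset every counter to zero."""
        self.counters.clear()


def port_policy(session):
    """Decision of a policy that looks at the destination port only."""
    return "permit" if session.dst_port in ALLOWED_PORTS else "deny"


def build_rule_set():
    return RuleSet(
        name="web-only",
        rules=[
            Rule("allow-web", frozenset({"HTTP", "SSL"}), "permit"),
            Rule("block-p2p", frozenset({"BITTORRENT"}), "deny"),
        ],
        default_rule="deny",
    )


# Constructed sessions: (destination port, identified application).
SAMPLE_SESSIONS = [
    Session(443, "HTTP"),        # ordinary web traffic
    Session(80, "SSH"),          # non-HTTP traffic tunnelled over port 80
    Session(8080, "HTTP"),       # HTTP on a port other than 80 or 443
    Session(443, "BITTORRENT"),  # file sharing hidden on port 443
    Session(53, "DNS"),          # matches no rule, falls to the default rule
]


def disagreements(sessions, rule_set):
    """Sessions where the port-based and application-based decisions differ."""
    result = []
    for session in sessions:
        port_action = port_policy(session)
        app_action = rule_set.evaluate(session)
        if port_action != app_action:
            result.append((session, port_action, app_action))
    return result


if __name__ == "__main__":
    rule_set = build_rule_set()
    for session, port_action, app_action in disagreements(SAMPLE_SESSIONS, rule_set):
        print(f"port {session.dst_port:<5} {session.application:<11} "
              f"port-policy={port_action:<6} app-firewall={app_action}")
    for counter, value in sorted(rule_set.counters.items()):
        print(f"{counter}: {value}")
```

A steadily rising default-rule counter in a rule set whose default is deny is the signal to check which unexpected applications are reaching that zone pair.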

Meaning

Table 64 summarizes key output fields in the application firewall page.

Table 64: Application firewall Monitoring Page

Field

Value

Additional Information

Rule Set

Name

Displays the rule sets configured for the device.

Select a rule set to display its associated rules and counters in the lower panes.

Default Rule

Displays the action taken when traffic does not match any of the associated rules.

  • permit—Permits all traffic that does not match any rule in the rule set.

  • deny—Denies all traffic that does not match any rule in the rule set.

Rules

Displays the rule names associated with the rule set.

Rules in Selected Rule Set

Rule Name

Lists the names of the rules included in the rule set.

Match Dynamic Applications

Displays the dynamic applications used as match criteria for the associated rule.

Action

Displays the action to be taken if the traffic matches the associated rule’s match criteria.

  • permit—Permits traffic that matches the rule.

  • deny—Denies traffic that matches the rule.

Counters for Selected Rule-Set

Refresh interval (sec)

Specifies the interval in seconds when counter values are refreshed.

Counter

Displays the counter for the rule in the rule set.

Value

Displays the value for the rule in the rule set.

Application Tracking

Monitoring Application Statistics (Application Tracking)

Purpose

Use the Application Tracking functions to monitor sessions and bytes of a particular application or application group.

Action

To monitor and track applications, select Monitor>Security>Application Tracking in the J-Web user interface.

Note

If application tracking is disabled, the Application Tracking page is also disabled. To enable application tracking, select Configure>Security>Logging in the J-Web user interface.

Meaning

Table 65 summarizes key output fields in the Application Tracking page.

Table 65: Application Tracking Monitoring Page

Field

Value

Additional Information

Risk

Displays the risk as critical, moderate, low, or unsafe. The risk factor is based on the predefined security standard.

Note: Risk is displayed only for applications.

Name

Displays the name of the application or application group.

# Sessions

Displays the number of active sessions.

Traffic

Displays the application or application group traffic in kilobytes.

Session %

Displays the session percentage of the current application or application groups.

Traffic %

Displays the traffic percentage of the application or application groups.

Selected Statistics

Cumulative

Refers to the statistics that are collected from the last clearing time specified to the current time.

Time Interval

Enables you to set an interval of time during which statistics are collected.

You can specify the time interval in minutes, hours, or days. The default is 1 minute.

For example, if you set 5 minutes as the time interval at 13:00 hours, then statistics are collected from 13:00 to 13:05.

Details

Time Interval Began

If Cumulative is selected, this field displays the last reset time that was set.

If Time Interval is selected, this field displays the last interval that was set.

Elapsed Time

Displays the time elapsed since the last time interval began.

Clear

If Cumulative is selected, the cumulative statistics are cleared.

If Time Interval is selected, the statistics collected during the last specified interval are cleared.

You are prompted to confirm that you want to clear the statistics.

View

Switch to Grid

In the grid view, data is displayed in a table.

By default, application tracking statistics are displayed in the grid view.

Switch to Graphical

In the graphical view, data is displayed in a chart. The two types of charts supported are:

  • Bar

  • Pie

# Displayed – Enables you to set the number of applications or application groups to be displayed in the chart. The maximum number allowed is 10, and the default is 3.

Display order – Enables you to sort the application and application groups in ascending or descending order. By default, applications are displayed in descending order.

Display by – Enables you to filter the display of applications and application groups by the following:

  • # Sessions

  • Session %

  • Traffic

  • Traffic %

Bar chart is the default.

Refresh Display

Click Refresh Display to retrieve the most current data.

Settings

Enables you to set some additional options. You can set the following:

  • Display Refresh Interval - Enables you to set the interval for refreshing. You can specify a refresh time from 1 minute to 24 hours. The default is 1 minute.

  • Display Columns – Enables you to select the columns you want to display in the output.

    Note: The Display Columns option is available only in the grid view.

Filter By

Application

Enables you to collect application level statistics.

You can filter application or application group statistics by the following:

  • Name (default filter)

    Filters the application or application groups by the name specified. Contains and Exact Match filters are supported.

  • # Session

  • Session %

  • Traffic

  • Traffic %

Application Group

Enables you to collect application group statistics.

Add to Results

Adds the filtered results to the output.

DS-Lite

Monitoring DS-Lite

Purpose

Use the monitoring functionality to view the DS-Lite page.

Action

To monitor DS-Lite, select Monitor>Security>DS-Lite in the J-Web user interface.

Meaning

Table 66 summarizes key output fields on the DS-Lite page.

Table 66: DS-Lite Monitoring Page

Field

Value

Additional Information

Virtual Chassis Member

Displays the virtual chassis of the device.

Refresh Interval

Displays the time interval for page refresh.

Select the time interval from the list.

General Info

Name

Displays the name of the DS-Lite configuration.

Address

Displays the IP address of the device.

Status

Displays the status of the DS-Lite configuration.

  • Connected–DS-Lite configuration is connected.

  • Disconnected–DS-Lite configuration is not connected.

Num of softwire initiator

Displays the number of softwire initiators connected to the device.

Softwire Initiator from Selected Item

Address

Displays the IP address of the softwire of the selected DS-Lite configuration.

Status

Displays the status of the softwire initiator.

  • Active–The softwire initiator is active.

  • Inactive–The softwire initiator is inactive.

The status types displayed are active and inactive.

spu-id

Displays the identification number of the Services Processing Unit.

AppQoS

Monitoring AppQoS

Purpose

Use the Application QoS Monitoring page to view counters and statistics for AppQoS activity.

Action

To monitor AppQoS, select Monitor>Security>Application QoS.

Refresh

Updates the display with current information. The refresh limit updates the display automatically at the interval specified. To change the refresh rate, select the number of seconds in the Refresh interval (sec) field.

Clear statistics

Clears the statistics in the associated pane.

Clear counter

Resets the counters to 0 in the associated pane.

Meaning

The rate limiters statistics pane displays transfer rate information for recent traffic per PIC. For a summary of this pane, refer to Table 67.

The rules statistics pane displays the amount of traffic on each PIC broken down by the rule set and rule applied to each session. For a summary of this pane, refer to Table 68.

The Counters for Selected Rule-Set pane displays AppQoS session activity per PIC. For a summary of this pane, refer to Table 69.

Table 67: Rate limiter statistics Pane

Field

Value

Additional Information

PIC

PIC for which the AppQoS settings of the most recent sessions are displayed.

Select the PIC to display AppQoS rate-limiter information for its recent traffic.

Rule-set Name

Name of the rule set applied to each session.

Application

Applications associated with the applied rule set.

Client2server rate limiter

Name of the rate limiter applied in the client-to-server direction.

Rate (bps)

Maximum transfer rate specified for the client-to-server rate limiter.

Server2client rate limiter

Name of the rate limiter applied in the server-to-client direction.

Rate (bps)

Maximum transfer rate specified for the server-to-client rate limiter.

Table 68: Rules statistics Pane

Field

Value

Additional Information

PIC

PIC for which the rule statistics are displayed.

Select the PIC to display the number of times each AppQoS rule set and rule are applied on this PIC.

Rule-set name

Name of the rule set applied to each session.

Rule name

Name of the rule in the rule set.

Hits

Number of occurrences when this rule has been matched and applied.

Table 69: Counters for Selected Rule-Set Pane

Field

Value

Additional Information

PIC

PIC number for which the AppQoS counts apply.

Sessions processed

The number of sessions processed on the PIC.

Sessions marked

The number of sessions where the DSCP setting was marked.

Sessions honored

The number of sessions where an existing DSCP setting was honored.

Sessions rate limited

The number of sessions that were rate limited.

Client2server flows rate limited

The number of client-to-server flows that were rate limited.

Server2client flows rate limited

The number of server-to-client flows that were rate limited.

Threat Prevention

Monitoring Threat Prevention—Diagnostics

Purpose

Juniper Sky Advanced Threat Prevention (ATP) uses real-time information from the cloud to provide your business with anti-malware protection.

The monitoring functionality is used to view and diagnose threat prevention policies.

Table 70 examines the content present in the page.

Action

To monitor and diagnose threat prevention policies, select Monitor>Security Services>Sky ATP>Diagnostics in the J-Web user interface.

Meaning

Summarizes key output fields on the page.

Table 70: Diagnostics page option

Field

Value

Additional Information

Diagnostics

SKY ATP Diagnostics

Specify to diagnose.

Select an option from the drop-down list.

Diagnostics Logs

Displays the diagnostic logs for the selected option.

-

Check Connectivity

Check

Check the connectivity.

Click Check.

Server Details

Server hostname

Specify the host name of the server.

Server realm

Specifies the name of a server realm.

Server port

Specify the server port number.

Connection Plane

Connection time

Specify the connection time of the server.

Connection Status

Specify the connection status.

Service Plane

Card Info

Specify the card number.

Connection Active Number

Specify the connection active numbers.

Connection Relay statistics

Specify the connection relay statistics.

Other Details

Configured Proxy Server

Specify the configured proxy server.

Port Number

Specify the port number of the proxy server.

Monitoring Threat Prevention—Statistics

Purpose

Use this page to verify the statistics of advanced anti-malware sessions and Security Intelligence sessions.

Action

To monitor and diagnose threat prevention policies, select Monitor>Security Services>SKY ATP>Statistics in the J-Web user interface.

Table 71 examines the content present in the field.

Meaning

Summarizes key output fields on the Statistics page.

Table 71: Statistics Page options

Field

Value

Additional Information

Advanced Anti Malware Session Statistics

TOTAL

Specify the TOTAL Session.

-

HTTP

Specify the HTTP Session.

-

HTTPS

Specify the HTTPS Session.

-

SMTP

Specify the simple mail transfer protocol session.

-

SMTPS

Specify the SMTPS session.

-

Clear Statistics

Clear the statistics.

-

Sessions

activities

Specify the total session activities.

-

blocked

Specify the blocked session.

-

permitted

Specify the permitted session.

Security Intelligence Session Statistics

Profiles

Displays the IP address of the softwire of the selected DS-Lite configuration.

Sessions

  

TOTAL

Displays the identification number of the Services Processing Unit.

PERMIT

Specify the permitted session.

BLOCK-DROP

Specify the block drop.

BLOCK-CLOSE

Specify the block close.

CLOSE-REDIRECT

Specify the closure of the redirect session.

Clear Statistics

Clear the statistics.

Release History Table
Release
Description
Starting in Junos OS Release 19.1R1, the Monitor>Authentication>Local Auth option is enabled for tenant users.
Starting in Junos OS Release 18.2R1, the Monitor>Authentication>Local Auth option is enabled for logical system users.