Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Debugging and Managing cSRX Container Firewall

Stop a cSRX Container Firewall POD

By default, cSRX Container Firewall will not mount any external volumes from compute node. When a new cSRX Container Firewall instance is started, it will synchronize configuration from Security Director. Any syslog and security logs will be posted to Security Director as well. So cSRX Container Firewall POD can be stopped and destroyed directly by Contrail Service Orchestration (CSO).

To stop the cSRX Container Firewall POD:

  • Run the Docker command to stop cSRX Container Firewall.

    # kubectl delete -f <csrx-yaml-file>

    After the cSRX Container Firewall POD is stopped and destroyed, compute and storage resources of this cSRX Container Firewall POD are released.

# kubectl delete -f <csrx-yaml-file>

Verify Network Name

To verify the network name:

Run the following command to check the network name:

# kubectl get network-attachment-definitions -n

Verify Logs

To view and verify logs:

  1. Run the following command to access the path for log details:

    # cat /var/log/contrail/

  2. Run the following command to view the logs:

    # kubectl describe pods -n