[ScreenOS] Snoop and debug flow


Debug flow basic:
Understanding debug flow filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6709&actp=METADATA
Running "debug flow basic": https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208
How do I capture debugging (debug flow) information?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=METADATA
When to use 'snoop' and 'debug flow': https://kb.juniper.net/InfoCenter/index?page=content&id=KB5967&actp=METADATA

Snoop:
How do you use Snoop for troubleshooting?:https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA
What options are available when configuring snoop?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6586&actp=METADATA
How to apply the logical 'AND' or 'OR' snoop filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6707&actp=METADATA
How do I interpret the snoop output?https://kb.juniper.net/InfoCenter/index?page=content&id=KB6708&actp=METADATA
How to follow a packet by using Snoop: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5413&actp=METADATA
How do I view snoop output in Wireshark?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB20562&actp=METADATA&act=loginhttps://kb.juniper.net/InfoCenter/index?page=content&id=KB20562&actp=METADATA&act=login

[vSRX] Installing on KVM

Two ways
VirtManager(GUI)
virt install (cli)
Other ways (Qemu)

On Server:
uname -a
lscpu (architecture, support virtualization (VT-X), NUMA)
lspci / lspci -vvv |grep Ether
dmidecode
lsmod | grep kvm
virsh - qemu:///system list
virsh dumpxml <instance ID> (will show configuration file for the VM, similar to .vmx file in vmware)
virsh net-list --all
virsh domiflist <vm-name>
brctl show

[ScreenOS] Firmware upgrade

screenos upgrade:


 Please find the upgrade process below to upgrade remaining firewalls (if boot loader and image key are proper there is no need to update them)

 1.       Upgrade the image key >> GUI access or Console + TFTP access is required.
 2.       Upgrade the OS >> CLI+TFTP access is required.
 3.       Upgrade the Boot loader >> Console + TFTP access required.
 The firewall is in cluster, to upgrade the backup unit first you will need manage-ip configured on it.

 Points to check before upgrading firewall:
 ++ Please check nsrp status ‘get nsrp’. There should be a master and a primary backup (PB) available.
 ++ Check the sessions on master and backup ‘get session info’ à this will ensure that session synchronization is happening properly.
 ++ Check the routes on both the firewalls and they should be identical.
 ++ Check whether both firewalls are in sync ‘exec nsrp sync globacl checksum’
 ++ All above checks are done whether backup firewall is in perfect sync with master and there is no issue. Check all these things again when you upgrade backup firewall and you are  ready to upgrade master.
 ++ After the backup firewall is upgraded and checked, use command ‘exec nsrp vsd-group id 0 mode backup’. This command will forcefully failover the master to backup.


 Please find below the Juniper KB with complete upgrade procedure:
 http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16495 &actp=search

 Please refer to below mentioned Upgrade guide (page 24) which mentions the process of upgrading firewall in clusters.
 http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_upg rade.pdf

[IDP Series] NIC Bypass

The Internal NICBypass helps prevent network outage due to IDP entering a hang state or experiencing high CPU utilization when the IDP...