Skip to main content

Posts

Showing posts from April, 2017

[ScreenOS] Snoop and debug flow

Debug flow basic:
Understanding debug flow filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6709&actp=METADATA
Running "debug flow basic": https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208
How do I capture debugging (debug flow) information?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB5536&actp=METADATA
When to use 'snoop' and 'debug flow': https://kb.juniper.net/InfoCenter/index?page=content&id=KB5967&actp=METADATA

Snoop:
How do you use Snoop for troubleshooting?:https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA
What options are available when configuring snoop?: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6586&actp=METADATA
How to apply the logical 'AND' or 'OR' snoop filters: https://kb.juniper.net/InfoCenter/index?page=content&id=KB6707&actp=METADATA
How do I interpret the snoop output?https://kb.juniper.net/…

[vSRX] Installing on KVM

Two ways
VirtManager(GUI)
virt install (cli)
Other ways (Qemu)

On Server:
uname -a
lscpu (architecture, support virtualization (VT-X), NUMA)
lspci / lspci -vvv |grep Ether
dmidecode
lsmod | grep kvm
virsh - qemu:///system list
virsh dumpxml <instance ID> (will show configuration file for the VM, similar to .vmx file in vmware)
virsh net-list --all
virsh domiflist <vm-name>
brctl show

[ScreenOS] Firmware upgrade

screenos upgrade:


 Please find the upgrade process below to upgrade remaining firewalls (if boot loader and image key are proper there is no need to update them)

 1.       Upgrade the image key >> GUI access or Console + TFTP access is required.
 2.       Upgrade the OS >> CLI+TFTP access is required.
 3.       Upgrade the Boot loader >> Console + TFTP access required.
 The firewall is in cluster, to upgrade the backup unit first you will need manage-ip configured on it.

 Points to check before upgrading firewall:
 ++ Please check nsrp status ‘get nsrp’. There should be a master and a primary backup (PB) available.
 ++ Check the sessions on master and backup ‘get session info’ à this will ensure that session synchronization is happening properly.
 ++ Check the routes on both the firewalls and they should be identical.
 ++ Check whether both firewalls are in sync ‘exec nsrp sync globacl checksum’
 ++ All above checks are done whether backup firewall is in perfect syn…