Skip to main content


Showing posts from April, 2017

[ScreenOS] Snoop and debug flow

Debug flow basic:
Understanding debug flow filters:
Running "debug flow basic":
How do I capture debugging (debug flow) information?:
When to use 'snoop' and 'debug flow':

How do you use Snoop for troubleshooting?:
What options are available when configuring snoop?:
How to apply the logical 'AND' or 'OR' snoop filters:
How do I interpret the snoop output?…

[vSRX] Installing on KVM

Two ways
virt install (cli)
Other ways (Qemu)

On Server:
uname -a
lscpu (architecture, support virtualization (VT-X), NUMA)
lspci / lspci -vvv |grep Ether
lsmod | grep kvm
virsh - qemu:///system list
virsh dumpxml <instance ID> (will show configuration file for the VM, similar to .vmx file in vmware)
virsh net-list --all
virsh domiflist <vm-name>
brctl show

[ScreenOS] Firmware upgrade

screenos upgrade:

 Please find the upgrade process below to upgrade remaining firewalls (if boot loader and image key are proper there is no need to update them)

 1.       Upgrade the image key >> GUI access or Console + TFTP access is required.
 2.       Upgrade the OS >> CLI+TFTP access is required.
 3.       Upgrade the Boot loader >> Console + TFTP access required.
 The firewall is in cluster, to upgrade the backup unit first you will need manage-ip configured on it.

 Points to check before upgrading firewall:
 ++ Please check nsrp status ‘get nsrp’. There should be a master and a primary backup (PB) available.
 ++ Check the sessions on master and backup ‘get session info’ à this will ensure that session synchronization is happening properly.
 ++ Check the routes on both the firewalls and they should be identical.
 ++ Check whether both firewalls are in sync ‘exec nsrp sync globacl checksum’
 ++ All above checks are done whether backup firewall is in perfect syn…