Juniper Firewall Routine Maintenance
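Juniper Firewall Routine Maintenance Manual
〔v 20131112〕
Version notes
Contents
Version notes
Contents
1. Routine operations
1.1 View hardware information
1.2 View OS information
1.3 View CPU/SPU utilization
View CPU/SPU utilization
View per-second CPU utilization
1.4 View memory utilization
1.5 SRX RE CPU utilization / memory utilization 〔JunOS only〕
1.6 View session information
View total session count
View new sessions per second
View all session entries on the firewall
View sessions by filter
View session details
Save all session entries from the firewall
1.7 View alarm logs
1.8 View event logs: ScreenOS
View all event logs 〔ScreenOS only〕
View event logs filtered by level 〔ScreenOS only〕
View event logs filtered by time 〔ScreenOS only〕
1.9 View event logs: JunOS
1.10 View policy traffic logs
1.11 View / back up the configuration
1.12 View interface status
View status of all interfaces
View details of a single interface
1.13 View the ARP table
1.14 View routes
View all routes
View the route to a specific destination address
1.15 View policies
View all policies
View details of a single policy
1.16 View firewall primary/backup status
1.17 View cluster interface status 〔JunOS only〕
1.18 View configuration synchronization status 〔ScreenOS only〕
1.19 Common troubleshooting commands
Collect support information
1.20 View information by filter
2. Emergency operations
2.1 Clear the ARP entry for a specified IP
2.2 Clear session entries for a specified source IP / destination IP
2.3 Disable and enable a port
Disable a port
Enable a port
2.4 Switch firewall primary/backup roles
2.5 Synchronize sessions 〔ScreenOS only〕
2.6 Reboot the device
3. Routine maintenance schedule
3.1 Daily inspection recommendations
3.2 Weekly inspection recommendations
3.3 Monthly inspection recommendations
3.4 Ad hoc maintenance recommendations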
1. Routine operations
1.1 View hardware information
〔1〕ScreenOS
CLI command: get chassis
Example:
JP1000A-> get chassis
Chassis Environment:
Power Supply: Good
Fan Status: Good
CPU Temperature: 98'F ( 37'C)
Slot Information:
Slot Type S/N Assembly-No Version Temperature
0 System Board 00999 0066-004 F01 86'F (30'C), 87'F (31'C)
4 Management 00999 0049-004 D19 98'F (37'C)
5 ASIC Board 002079351g110017 0065-002 B00
Marin FPGA version 9, Jupiter ASIC version 1, Fresno FPGA version 110
I/O Board
Slot Type S/N Version FPGA version
2 4 port miniGBIC (0x3) 00999 B02 26
1 4 port 10/100/1000T 38
Alarm Control Information:
Power failure audible alarm: disabled
Fan failure audible alarm: disabled
Low battery audible alarm: disabled
Temperature audible alarm: disabled
Normal alarm temperature is 132'F (56'C)
Severe alarm temperature is 150'F (66'C)
〔2〕JunOS
CLI (operational mode) command: show chassis hardware
Example:
syroJP650A> show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis AJ4309AA0999 SRX650
Midplane REV 08 710-023875 AAAS7310
System IO REV 08 710-023209 AAAS9446 SRXSME System IO
Routing Engine REV 14 750-023223 AAAW4729 RE-SRXSME-SRE6
FPC 0 FPC
PIC 0 4x GE Base PIC
FPC 2 REV 07 750-026182 AAAS7999 FPC
PIC 0 16x GE gPIM
Power Supply 0 Rev 03 740-024283 TH01999 PS 645W AC
Power Supply 1 Rev 03 740-024283 TH01099 PS 645W AC
1.2 View OS information
〔1〕ScreenOS
CLI command: get system
Example:
JP1000A-> get system
Product Name: NetScreen-ISG1000
Serial Number: 00999, Control Number: 00000000
, Type: Firewall+VPN
Compiled by build_master at: Wed Apr 28 23:08:24 PDT 2010
File Name: default (screenos_image), Checksum: de317771
, Total Memory: 1024MB
Date 01/01/2013 11:50:43, Daylight Saving Time disabled
The Network Time Protocol is Enabled
Up 3286 hours 23 minutes 35 seconds Since 17Aug2012:13:27:08
Total Device Resets: 0
〔2〕JunOS
CLI (operational mode) command: show system software
Example:
syroJP650A> show system software
Information for junos:
Comment:
JUNOS Software Release []
1.3 View CPU/SPU utilization
〔1〕ScreenOS: CPU
CLI command: get performance cpu
Example:
JP1000A-> get performance cpu
Average System Utilization: 1%
Last 1 minute: 2%, Last 5 minutes: 2%, Last 15 minutes: 2%
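〔2〕JunOS: SPU
When SPU utilization reaches 60%, it warrants attention: the network or the device may be behaving abnormally.
CLI (operational mode) command to view SPU utilization on an SRX Branch firewall: show security monitoring fpc 0
Example: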
syroJP650A> show security monitoring fpc 0
FPC 0
PIC 0
CPU utilization : 0 %
Memory utilization : 67 %
Current flow session : 16
Max flow session : 524288
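SRX High-end firewalls use a distributed architecture, so the command to run depends on which slots hold the SPC cards.
For example, an SRX3600 fitted with two SPCs, installed in slots 7 and 8, needs the SPU utilization of each checked separately.
Also, once an SRX3600 pair is clustered using virtual chassis technology, node0 is the primary firewall and node1 is the backup firewall.
CLI (operational mode) commands to view SPU utilization on an SRX3600 firewall: show security monitoring fpc 7 and show security monitoring fpc 8
Example: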
syroJP3600A > show security monitoring fpc 7
node0:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 2 %
Memory utilization : 64 %
Current flow session : 5265
Max flow session : 524288
Current CP session : 16401
Max CP session : 2359296
node1:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 0 %
Memory utilization : 64 %
Current flow session : 5582
Max flow session : 524288
Current CP session : 17131
Max CP session : 2359296
{primary:node0}
syroJP3600A> show security monitoring fpc 8
node0:
--------------------------------------------------------------------------
FPC 8
PIC 0
CPU utilization : 3 %
Memory utilization : 66 %
Current flow session : 10977
Max flow session : 1048576
Current CP session : 0
Max CP session : 0
node1:
--------------------------------------------------------------------------
FPC 8
PIC 0
CPU utilization : 0 %
Memory utilization : 66 %
Current flow session : 11382
Max flow session : 1048576
Current CP session : 0
Max CP session : 0
{primary:node0}
View per-second CPU utilization
〔1〕ScreenOS
CLI command: get performance cpu all detail
Example:
JP1000A.GL-IT.SDA(M)-> get performance cpu all detail
Average System Utilization: 1% (flow 1 task 1)
Last 60 seconds:
59: 2( 1 1) 58: 2( 1 1) 57: 2( 1 1) 56: 2( 1 1)
55: 2( 1 1) 54: 2( 1 1) 53: 2( 1 1) 52: 2( 1 1)
51: 2( 1 1) 50: 2( 1 1) 49: 2( 1 1) 48: 2( 1 1)
47: 2( 1 1) 46: 2( 1 1) 45: 2( 1 1) 44: 2( 1 1)
43: 2( 1 1) 42: 2( 1 1) 41: 2( 1 1) 40: 2( 1 1)
39: 2( 1 1) 38: 2( 1 1) 37: 2( 1 1) 36: 2( 1 1)
35: 2( 1 1) 34: 2( 1 1) 33: 2( 1 1) 32: 2( 1 1)
31: 2( 1 1) 30: 2( 1 1) 29: 2( 1 1) 28: 2( 1 1)
27: 2( 1 1) 26: 2( 1 1) 25: 2( 1 1) 24: 2( 1 1)
23: 2( 1 1) 22: 2( 1 1) 21: 2( 1 1) 20: 2( 1 1)
19: 2( 1 1) 18: 2( 1 1) 17: 2( 1 1) 16: 2( 1 1)
15: 2( 1 1) 14: 2( 1 1) 13: 2( 1 1) 12: 2( 1 1)
11: 2( 1 1) 10: 2( 1 1) 9: 2( 1 1) 8: 2( 1 1)
7: 2( 1 1) 6: 2( 1 1) 5: 2( 1 1) 4: 2( 1 1)
3: 2( 1 1) 2: 2( 1 1) 1: 2( 1 1) 0: 2( 1 1)
Last 60 minutes:
59: 2( 1 1) 58: 2( 1 1) 57: 2( 1 1) 56: 2( 1 1)
55: 2( 1 1) 54: 2( 1 1) 53: 2( 1 1) 52: 2( 1 1)
51: 2( 1 1) 50: 2( 1 1) 49: 2( 1 1) 48: 2( 1 1)
47: 2( 1 1) 46: 2( 1 1) 45: 2( 1 1) 44: 2( 1 1)
43: 2( 1 1) 42: 2( 1 1) 41: 2( 1 1) 40: 2( 1 1)
39: 2( 1 1) 38: 2( 1 1) 37: 2( 1 1) 36: 2( 1 1)
35: 2( 1 1) 34: 2( 1 1) 33: 2( 1 1) 32: 2( 1 1)
31: 2( 1 1) 30: 2( 1 1) 29: 2( 1 1) 28: 2( 1 1)
27: 2( 1 1) 26: 2( 1 1) 25: 2( 1 1) 24: 2( 1 1)
23: 2( 1 1) 22: 2( 1 1) 21: 2( 1 1) 20: 2( 1 1)
19: 2( 1 1) 18: 2( 1 1) 17: 2( 1 1) 16: 2( 1 1)
15: 2( 1 1) 14: 2( 1 1) 13: 2( 1 1) 12: 2( 1 1)
11: 2( 1 1) 10: 2( 1 1) 9: 2( 1 1) 8: 2( 1 1)
7: 2( 1 1) 6: 2( 1 1) 5: 2( 1 1) 4: 2( 1 1)
3: 2( 1 1) 2: 2( 1 1) 1: 2( 1 1) 0: 2( 1 1)
Last 24 hours:
23: 2( 1 1) 22: 2( 1 1) 21: 2( 1 1) 20: 2( 1 1)
19: 2( 1 1) 18: 2( 1 1) 17: 1( 1 1) 16: 2( 1 1)
15: 1( 1 1) 14: 2( 1 1) 13: 1( 1 1) 12: 1( 1 1)
11: 2( 1 1) 10: 2( 1 1) 9: 2( 1 1) 8: 2( 1 1)
7: 2( 1 1) 6: 1( 1 1) 5: 1( 1 1) 4: 2( 1 1)
3: 2( 1 1) 2: 2( 1 1) 1: 2( 1 1) 0: 2( 1 1)
〔2〕JunOS
CLI (operational mode) command: show security monitoring performance spu
Example:
syroJP650A > show security monitoring performance spu
fpc 0 pic 0
Last 60 seconds:
0: 0 1: 0 2: 0 3: 0 4: 0 5: 0
6: 0 7: 0 8: 0 9: 0 10: 0 11: 0
12: 0 13: 0 14: 0 15: 0 16: 0 17: 0
18: 0 19: 0 20: 0 21: 0 22: 0 23: 0
24: 0 25: 0 26: 0 27: 0 28: 0 29: 0
30: 0 31: 0 32: 0 33: 0 34: 0 35: 0
36: 0 37: 0 38: 0 39: 0 40: 0 41: 0
42: 0 43: 0 44: 0 45: 0 46: 0 47: 0
48: 0 49: 0 50: 0 51: 0 52: 0 53: 0
54: 0 55: 0 56: 0 57: 0 58: 0 59: 0
syroJP3600A> show security monitoring performance spu
node0:
--------------------------------------------------------------------------
fpc 7 pic 0
Last 60 seconds:
0: 0 1: 0 2: 0 3: 0 4: 0 5: 0
6: 0 7: 0 8: 0 9: 0 10: 0 11: 0
12: 0 13: 0 14: 0 15: 0 16: 0 17: 0
18: 0 19: 0 20: 0 21: 0 22: 0 23: 0
24: 0 25: 0 26: 0 27: 0 28: 0 29: 0
30: 0 31: 0 32: 0 33: 0 34: 0 35: 0
36: 0 37: 0 38: 0 39: 0 40: 0 41: 0
42: 0 43: 0 44: 0 45: 0 46: 0 47: 0
48: 0 49: 0 50: 0 51: 0 52: 0 53: 0
54: 0 55: 0 56: 0 57: 0 58: 0 59: 0
fpc 8 pic 0
Last 60 seconds:
0: 0 1: 0 2: 0 3: 0 4: 0 5: 0
6: 0 7: 0 8: 0 9: 0 10: 0 11: 0
12: 0 13: 0 14: 0 15: 0 16: 0 17: 0
18: 0 19: 0 20: 0 21: 0 22: 0 23: 0
24: 0 25: 0 26: 0 27: 0 28: 0 29: 0
30: 0 31: 0 32: 0 33: 0 34: 0 35: 0
36: 0 37: 0 38: 0 39: 0 40: 0 41: 0
42: 0 43: 0 44: 0 45: 0 46: 0 47: 0
48: 0 49: 0 50: 0 51: 0 52: 0 53: 0
54: 0 55: 0 56: 0 57: 0 58: 0 59: 0
node1:
--------------------------------------------------------------------------
fpc 7 pic 0
Last 60 seconds:
0: 0 1: 0 2: 0 3: 0 4: 0 5: 0
6: 0 7: 0 8: 0 9: 0 10: 0 11: 0
12: 0 13: 0 14: 0 15: 0 16: 0 17: 0
18: 0 19: 0 20: 0 21: 0 22: 0 23: 0
24: 0 25: 0 26: 0 27: 0 28: 0 29: 0
30: 0 31: 0 32: 0 33: 0 34: 0 35: 0
36: 0 37: 0 38: 0 39: 0 40: 0 41: 0
42: 0 43: 0 44: 0 45: 0 46: 0 47: 0
48: 0 49: 0 50: 0 51: 0 52: 0 53: 0
54: 0 55: 0 56: 0 57: 0 58: 0 59: 0
fpc 8 pic 0
Last 60 seconds:
0: 0 1: 0 2: 0 3: 0 4: 0 5: 0
6: 0 7: 0 8: 0 9: 0 10: 0 11: 0
12: 0 13: 0 14: 0 15: 0 16: 0 17: 0
18: 0 19: 0 20: 0 21: 0 22: 0 23: 0
24: 0 25: 0 26: 0 27: 0 28: 0 29: 0
30: 0 31: 0 32: 0 33: 0 34: 0 35: 0
36: 0 37: 0 38: 0 39: 0 40: 0 41: 0
42: 0 43: 0 44: 0 45: 0 46: 0 47: 0
48: 0 49: 0 50: 0 51: 0 52: 0 53: 0
54: 0 55: 0 56: 0 57: 0 58: 0 59: 0
{primary:node0}
1.4 View memory utilization
〔1〕ScreenOS
Memory utilization on the ScreenOS platform generally does not change.
CLI command: get memory
Example:
JP1000A-> get memory
Memory: allocated 536091296, left 238802224, frag 68, fail 0
〔2〕JunOS
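When SPU memory utilization reaches 70%, it warrants attention: the network or the device may be behaving abnormally.
CLI (operational mode) command to view SPC memory utilization on an SRX Branch firewall: show security monitoring fpc 0
Example: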
syroJP650A> show security monitoring fpc 0
FPC 0
PIC 0
CPU utilization : 0 %
Memory utilization : 67 %
Current flow session : 16
Max flow session : 524288
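SRX High-end firewalls use a distributed architecture, so the command to run depends on which slots hold the SPC cards.
For example, an SRX3600 fitted with two SPCs, installed in slots 7 and 8, needs the SPU memory utilization of each checked separately.
Also, an SRX3600 pair is clustered using virtual chassis technology; node0 is the primary firewall and node1 is the backup firewall.
CLI (operational mode) commands to view SPU memory utilization on an SRX3600 firewall: show security monitoring fpc 7 and show security monitoring fpc 8
Example: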
syroJP3600A > show security monitoring fpc 7
node0:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 2 %
Memory utilization : 64 %
Current flow session : 5265
Max flow session : 524288
Current CP session : 16401
Max CP session : 2359296
node1:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 0 %
Memory utilization : 64 %
Current flow session : 5582
Max flow session : 524288
Current CP session : 17131
Max CP session : 2359296
{primary:node0}
syroJP3600A> show security monitoring fpc 8
node0:
--------------------------------------------------------------------------
FPC 8
PIC 0
CPU utilization : 3 %
Memory utilization : 66 %
Current flow session : 10977
Max flow session : 1048576
Current CP session : 0
Max CP session : 0
node1:
--------------------------------------------------------------------------
FPC 8
PIC 0
CPU utilization : 0 %
Memory utilization : 66 %
Current flow session : 11382
Max flow session : 1048576
Current CP session : 0
Max CP session : 0
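1.5 SRX RE CPU utilization / memory utilization 〔JunOS only〕
On SRX-series firewalls the RE CPU is used mainly for managing the device, so its utilization fluctuates considerably; momentary spikes to 100% are normal.
When RE CPU utilization stays above 45% for an extended period, it warrants attention; when RE memory utilization stays above 60% for an extended period, check the load currently running on the RE.
CLI (operational mode) command: show chassis routing-engine
Example: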
syroJP650A > show chassis routing-engine
Routing Engine status:
Temperature 31 degrees C / 87 degrees F
CPU temperature 31 degrees C / 87 degrees F
Total memory 2048 MB Max 1065 MB used ( 52 percent)
Control plane memory 1104 MB Max 442 MB used ( 40 percent)
Data plane memory 944 MB Max 632 MB used ( 67 percent)
CPU utilization:
User 6 percent
Background 0 percent
Kernel 1 percent
Interrupt 0 percent
Idle 93 percent
Model RE-SRXSME-SRE6
Serial ID AAAW4729
Start time 2012-07-12 17:54:51 CST
Uptime 177 days, 15 hours, 50 minutes, 35 seconds
Last reboot reason 0x200:chassis control reset
Load averages: 1 minute 5 minute 15 minute
0.41 0.26 0.19
syroJP3600A > show chassis routing-engine
node0:
--------------------------------------------------------------------------
Routing Engine status:
Slot 0:
Current state Master
Election priority Master (default)
DRAM 1023 MB
Memory utilization 39 percent
CPU utilization:
User 0 percent
Background 0 percent
Kernel 5 percent
Interrupt 0 percent
Idle 94 percent
Model RE-PPC-1200-A
Start time 2012-07-13 10:06:41 CST
Uptime 176 days, 23 hours, 40 minutes, 35 seconds
Last reboot reason 0x1:power cycle/failure
Load averages: 1 minute 5 minute 15 minute
0.12 0.10 0.08
node1:
--------------------------------------------------------------------------
Routing Engine status:
Slot 0:
Current state Master
Election priority Master (default)
DRAM 1023 MB
Memory utilization 34 percent
CPU utilization:
User 0 percent
Background 0 percent
Kernel 5 percent
Interrupt 0 percent
Idle 95 percent
Model RE-PPC-1200-A
Start time 2012-07-16 14:39:07 CST
Uptime 173 days, 19 hours, 6 minutes, 11 seconds
Last reboot reason Router rebooted after a normal shutdown.
Load averages: 1 minute 5 minute 15 minute
0.14 0.06 0.01
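1.6 View session information
View total session count
〔1〕ScreenOS
When the current session total reaches twice the usual peak, or 70% of the device's maximum session count, it needs attention and an alert.
CLI command: get session info
Example: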
JP1000A-> get session info
alloc 730/max 524288, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 523558
slot 2: hw0 alloc 730/max 524287
〔2〕JunOS
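When the current session total reaches twice the usual peak, or 70% of the device's maximum session count, it needs attention and an alert.
CLI (operational mode) command: show security flow session summary
Example: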
syroJP650A> show security flow session summary
Unicast-sessions: 14
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 17
Valid sessions: 14
Pending sessions: 0
Invalidated sessions: 3
Sessions in other states: 0
Maximum-sessions: 524288
syroJP3600A > show security flow session summary
node0:
--------------------------------------------------------------------------
Flow Sessions on FPC7 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Maximum-sessions: 524288
Flow Sessions on FPC8 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Maximum-sessions: 1048576
node1:
--------------------------------------------------------------------------
Flow Sessions on FPC7 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Maximum-sessions: 524288
Flow Sessions on FPC8 PIC0:
Unicast-sessions: 0
Multicast-sessions: 0
Failed-sessions: 0
Sessions-in-use: 0
Valid sessions: 0
Pending sessions: 0
Invalidated sessions: 0
Sessions in other states: 0
Maximum-sessions: 1048576
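The SPU utilization (60%), SPU memory (70%) and session-table (70% of maximum) thresholds given in sections 1.3, 1.4 and 1.6 can all be checked from one saved capture of show security monitoring fpc. The following Python script is an added example, not part of the original manual; the names parse_fpc and check are hypothetical, and the sample output is constructed, with node1 values raised so that the checks fire.

```python
import re

# Thresholds stated in the manual: SPU CPU 60 %, SPU memory 70 %,
# session table at 70 % of the device maximum.
CPU_WARN, MEM_WARN, SESSION_WARN = 60, 70, 70

# Constructed sample modelled on the SRX3600 cluster output in the manual;
# the node1 values are raised on purpose so that all three checks fire.
SAMPLE = """\
node0:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 2 %
Memory utilization : 64 %
Current flow session : 5265
Max flow session : 524288
node1:
--------------------------------------------------------------------------
FPC 7
PIC 0
CPU utilization : 63 %
Memory utilization : 71 %
Current flow session : 400000
Max flow session : 524288
{primary:node0}
"""

# The colon must follow the label directly, so per-family lines such as
# "Current flow session IPv4: 0" (JunOS 11.4 and later) are not picked up.
FIELD = re.compile(r"^\s*(CPU utilization|Memory utilization|"
                   r"Current flow session|Max flow session)\s*:\s*(\d+)")

def parse_fpc(text):
    """Return one dict per (node, FPC, PIC) block found in the output."""
    blocks, node, fpc, cur = [], "standalone", None, None
    for line in text.splitlines():
        s = line.strip()
        if re.fullmatch(r"node\d+:", s):
            node = s[:-1]
        elif m := re.search(r"\bFPC (\d+)$", s):
            # search() also accepts an FPC label fused onto the dashed rule
            fpc = int(m.group(1))
        elif m := re.fullmatch(r"PIC (\d+)", s):
            cur = {"node": node, "fpc": fpc, "pic": int(m.group(1))}
            blocks.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1)] = int(m.group(2))
    return blocks

def check(blocks):
    """Return a finding string for every value at or over its threshold."""
    findings = []
    for b in blocks:
        where = f"{b['node']} FPC {b['fpc']} PIC {b['pic']}"
        cpu = b.get("CPU utilization")
        mem = b.get("Memory utilization")
        cur, mx = b.get("Current flow session"), b.get("Max flow session")
        if cpu is not None and cpu >= CPU_WARN:
            findings.append(f"{where}: SPU CPU {cpu}% >= {CPU_WARN}%")
        if mem is not None and mem >= MEM_WARN:
            findings.append(f"{where}: SPU memory {mem}% >= {MEM_WARN}%")
        # Guard against a missing or zero maximum before dividing.
        if cur is not None and mx:
            pct = 100 * cur / mx
            if pct >= SESSION_WARN:
                findings.append(f"{where}: sessions at {pct:.1f}% of maximum")
    return findings

if __name__ == "__main__":
    for finding in check(parse_fpc(SAMPLE)):
        print(finding)
```

The "twice the usual peak" condition from section 1.6 needs a recorded baseline per device and is not covered here.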
View new sessions per second
〔1〕ScreenOS
CLI command: get performance session detail
Example:
JP1000A-> get performance session detail
Last 60 seconds:
0: 26 1: 12 2: 19 3: 21 4: 23 5: 20
6: 27 7: 20 8: 32 9: 30 10: 36 11: 29
12: 35 13: 34 14: 13 15: 26 16: 31 17: 34
18: 20 19: 25 20: 24 21: 19 22: 20 23: 24
24: 21 25: 22 26: 24 27: 23 28: 34 29: 24
30: 35 31: 35 32: 34 33: 21 34: 15 35: 26
36: 37 37: 32 38: 36 39: 27 40: 20 41: 32
42: 24 43: 25 44: 21 45: 19 46: 17 47: 16
48: 15 49: 14 50: 17 51: 19 52: 26 53: 38
54: 32 55: 41 56: 11 57: 13 58: 15 59: 11
〔2〕JunOS
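For JunOS 11.4 and later, the number of new sessions per second can be viewed directly. CLI (operational mode) command to view new sessions per second on an SRX Branch firewall: show security monitoring fpc 0
Example: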
root> show security monitoring fpc 0
FPC 0
PIC 0
CPU utilization : 0 %
Memory utilization : 69 %
Current flow session : 6
Current flow session IPv4: 0
Current flow session IPv6: 0
Max flow session : 262144
Total Session Creation Per Second (for last 96 seconds on average): 0
IPv4 Session Creation Per Second (for last 96 seconds on average): 0
IPv6 Session Creation Per Second (for last 96 seconds on average): 0
For versions before JunOS 11.4, only the number of sessions per second can be viewed. CLI (operational mode) command: show security monitoring performance session
Example:
syroJP650A > show security monitoring performance session
fpc 0 pic 0
Last 60 seconds:
0: 18 1: 18 2: 17 3: 18 4: 17 5: 14
6: 14 7: 17 8: 16 9: 17 10: 16 11: 17
12: 17 13: 18 14: 16 15: 16 16: 15 17: 15
18: 14 19: 15 20: 13 21: 14 22: 12 23: 27
24: 27 25: 56 26: 55 27: 78 28: 61 29: 79
30: 59 31: 75 32: 59 33: 81 34: 64 35: 78
36: 61 37: 75 38: 60 39: 51 40: 40 41: 50
42: 47 43: 69 44: 60 45: 69 46: 56 47: 76
48: 67 49: 78 50: 57 51: 74 52: 55 53: 78
54: 60 55: 70 56: 51 57: 62 58: 48 59: 29
syroJP3600A > show security monitoring performance session
node0:
--------------------------------------------------------------------------
fpc 7 pic 0
Last 60 seconds:
0: 9761 1: 9987 2: 9713 3: 9965 4: 9692 5: 9989
6: 9703 7: 9958 8: 9653 9: 9878 10: 9616 11: 9940
12: 9691 13: 10065 14: 9814 15: 10010 16: 9731 17: 9887
18: 9610 19: 9857 20: 9636 21: 9910 22: 9649 23: 9938
24: 9686 25: 9952 26: 9704 27: 9988 28: 9735 29: 9984
30: 9723 31: 10009 32: 9758 33: 10105 34: 9878 35: 10155
36: 9881 37: 10107 38: 9798 39: 10032 40: 9795 41: 10068
42: 9792 43: 10073 44: 9829 45: 10082 46: 9813 47: 10060
48: 9775 49: 10061 50: 9791 51: 10008 52: 9732 53: 9963
54: 9721 55: 9935 56: 9668 57: 9938 58: 9696 59: 9993
fpc 8 pic 0
Last 60 seconds:
0: 20252 1: 19658 2: 20188 3: 19608 4: 20185 5: 19660
6: 20164 7: 19591 8: 20039 9: 19492 10: 19938 11: 19433
12: 20098 13: 19642 14: 20275 15: 19714 16: 20013 17: 19445
18: 19841 19: 19325 20: 19824 21: 19358 22: 19880 23: 19371
24: 19936 25: 19429 26: 19876 27: 19396 28: 19938 29: 19459
30: 19911 31: 19369 32: 20068 33: 19565 34: 20332 35: 19645
36: 20309 37: 19657 38: 20128 39: 19471 40: 20010 41: 19493
42: 20049 43: 19536 44: 20163 45: 19644 46: 20132 47: 19624
48: 20154 49: 19575 50: 20097 51: 19529 52: 20041 53: 19525
54: 19978 55: 19488 56: 19899 57: 19372 58: 19984 59: 19500
node1:
--------------------------------------------------------------------------
fpc 7 pic 0
Last 60 seconds:
0: 10213 1: 10447 2: 10172 3: 10424 4: 10150 5: 10432
6: 10153 7: 10362 8: 10078 9: 10394 10: 10134 11: 10472
12: 10219 13: 10530 14: 10279 15: 10450 16: 10134 17: 10347
18: 10066 19: 10312 20: 10093 21: 10400 22: 10137 23: 10384
24: 10147 25: 10456 26: 10193 27: 10437 28: 10184 29: 10507
30: 10265 31: 10570 32: 10314 33: 10694 34: 10467 35: 10659
36: 10407 37: 10618 38: 10315 39: 10519 40: 10293 41: 10561
42: 10285 43: 10555 44: 10300 45: 10540 46: 10256 47: 10573
48: 10296 49: 10496 50: 10234 51: 10447 52: 10169 53: 10364
54: 10115 55: 10406 56: 10140 57: 10385 58: 10155 59: 10445
fpc 8 pic 0
Last 60 seconds:
0: 21893 1: 21280 2: 21813 3: 21250 4: 21759 5: 21230
6: 21668 7: 21122 8: 21685 9: 21176 10: 21775 11: 21254
12: 21735 13: 21272 14: 21791 15: 21155 16: 21508 17: 20933
18: 21439 19: 20944 20: 21514 21: 21026 22: 21461 23: 20970
24: 21540 25: 21045 26: 21494 27: 20991 28: 21684 29: 21223
30: 21909 31: 21367 32: 22025 33: 21539 34: 22163 35: 21480
36: 21933 37: 21282 38: 21790 39: 21194 40: 21827 41: 21311
42: 21793 43: 21264 44: 21860 45: 21300 46: 21830 47: 21292
48: 21762 49: 21222 50: 21607 51: 21063 52: 21449 53: 20899
54: 21527 55: 21041 56: 21509 57: 21017 58: 21527 59: 21033
{primary:node0}
View all session entries on the firewall
〔1〕ScreenOS
CLI command: get session
Example:
JP1000A-> get session
alloc 2976/max 524288, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 521312
slot 2: hw0 alloc 2976/max 524287
id 482707/s0*,vsys 0,flag 10200400/4000/0003,policy 20036,time 1302, dip 36 module 0
id 482709/s0*,vsys 0,flag 10200400/4000/0003,policy 20040,time 1419, dip 36 module 0
〔2〕JunOS
CLI (operational mode) command: show security flow session
Example:
syroJP650A> show security flow session
Session ID: 15176, Policy name: self-traffic-policy/1, Timeout: 60, Valid
p, If: ae0.0, Pkts: 0, Bytes: 0
Session ID: 15264, Policy name: self-traffic-policy/1, Timeout: 60, Valid
Session ID: 15267, Policy name: self-traffic-policy/1, Timeout: 60, Valid
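View sessions by filter
〔1〕ScreenOS
In the CLI, the get session command can display sessions by filter; the following command options are available:
Command help: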
JP1000A -> get session
> redirect output
| match output
<return>
dst-ip destination ip address
dst-mac destination mac address
dst-port destination port number or range
hardware show hardware sessions only
id show sessions with id
ike-nat show ike-nat ALG info
policy-id policy id
protocol protocol number or range
rm show sessions for resource management
service show sessions with service type
src-ip source ip address
src-mac source mac address
src-port source port number or range
tunnel show tunnel sessions
vsd-id get vsd-id specified sessions
Example:
alloc 1366/max 524288, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 522922
slot 2: hw0 alloc 1363/max 524287
Total 448 sessions according filtering criteria.
id 517142/s0*,vsys 0,flag 00200450/0000/0081,policy 20026,time 0, dip 0 module 0
id 517222/s0*,vsys 0,flag 00200440/0000/0003,policy 20028,time 2, dip 0 module 0
〔2〕JunOS
In CLI operational mode, the show security flow session command can display sessions by filter; the following command options are available:
syroJP650A > show security flow session
Possible completions:
<[Enter]> Execute this command
application Application protocol name
brief Show brief output (default)
destination-port Destination port (1..65535)
destination-prefix Destination IP prefix or address
extensive Show detailed output
family Show session by family
idp Show idp sessions
interface Name of incoming or outgoing interface
nat Show sessions with network address translation
protocol IP protocol number
resource-manager Show sessions with resource manager
session-identifier Show session with specified session identifier
source-port Source port (1..65535)
source-prefix Source IP prefix or address
summary Show output summary
tunnel Show tunnel sessions
| Pipe through a command
Example:
Session ID: 168247, Policy name: self-traffic-policy/1, Timeout: 1800, Valid
Total sessions: 1
View session details
〔1〕ScreenOS
On ScreenOS firewalls, session details are viewed by session id.
CLI command: get session id <id value>
Example:
JP1000A-> get session id 490591
id 490591(00077c5f), flag 10200400/4000/0003, vsys id 0(Root)
policy id 20113, application id 0, dip id 36, state 0
current timeout 2250, max timeout 300 (second)
status normal, start time 12185013, duration 0
session id mask 0, app value 0
flag 805, diff 0/0
port seq 0, subif 2, cookie 0, fin seq 0, fin state 0
mac 0, nsptn info 0
flag 10000800, diff 0/0
port seq 0, subif 0, cookie 0, fin seq 0, fin state 0
Saturn hardware session:
chip 0,slot 2,idx 237169,flag 0x40,diff (0/0),pid 20113,time (12185013/30/225),ssid 490591
bcnt:0, vect:0, fin_seq:0x00000000, fst:0, flag:11,wsf 14
bcnt:0, vect:0, fin_seq:0x00000000, fst:0, flag:11,wsf 14
hw sess:0x8b9e7100, ext hw sess:0x8b9e7180,t:1125
shadow sess:0x059ee938, hash:001c0ca0, hash1:001452b0, shadow flag:0x10
nat_flag:0x40, next id:00000000(0), next id1:00000000(0), prev id:00000000(0), prev id1:00000000(0)
twin 0x0, forw1 0x0, forw2 0x0, sw sess:0x164a3a30, policy 0x2462e980
〔2〕JunOS
On JunOS firewalls, the extensive parameter shows session details.
CLI (operational mode) command: show security flow session extensive
Example:
syroJP650A > show security flow session extensive destination-port 80
Session ID: 168239, Status: Normal
Flag: 0x0
Policy name: 10024/41
Source NAT pool: interface, Application: junos- /6
Maximum timeout: 1800, Current timeout: 542
Session State: Valid
Start time: 9230725, Duration: 1457
Interface: ae0.0,
Session token: 0x6, Flag: 0x0x21
Port sequence: 0, FIN sequence: 3377815844,
FIN state: 1,
Pkts: 11, Bytes: 455
Interface: ge-2/0/2.0,
Session token: 0x7, Flag: 0x0x20
Port sequence: 0, FIN sequence: 0,
FIN state: 0,
Pkts: 1, Bytes: 52
Total sessions: 1
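Save all session entries from the firewall
〔1〕ScreenOS
Method 1: capture the output of the get session command from the terminal screen.
Remember to adjust the SSH client's scrollback buffer size or its session-logging settings.
CLI command: get session
Method 2: save the output of the get session command to a TFTP server.
Confirm beforehand that the TFTP server service is working normally.
CLI command: get session > tftp <TFTP server IP> <file name>
Example: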
JP1000A-> get session
〔2〕JunOS
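Method 1: capture the output of the show security flow session command from the terminal screen.
Remember to adjust the SSH client's scrollback buffer size or its session-logging settings.
CLI (operational mode) command: show security flow session
Method 2: save the output of the show security flow session command to the RE disk, then use file list to see the directory the file was saved in.
CLI (operational mode) commands: show security flow session | save <file name>
file list
Example: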
syroJP650A > show security flow session | save session.log
Wrote 52 lines of output to 'session.log'
/cf/var/home/jpro/:
.ssh/
session.log
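Method 3 〔advanced〕: save all session entries from the shell.
In CLI operational mode:
➢ First enter the shell: start shell
➢ Then change to the /tmp directory: cd /tmp
➢ Finally save the sessions: cli -c "show security flow session" > ./sessions.log
1.7 View alarm logs
〔1〕ScreenOS
CLI command: get alarm event
Example: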
JP1000A-> get alarm event
Date Time Module Level Type Description
2012-08-24 23:25:22 system crit 00072 The local device 10222208 in the
Virtual Security Device group (0)
changed state from backup to primary
backup, missing primary backup.
2012-08-24 23:25:22 system crit 00015 Peer device 10670336 in the Virtual
Security Device group 0 changed state
from primary backup to master.
〔2〕JunOS
SRX firewalls can display chassis alarms and system alarms separately.
CLI (operational mode) commands: show chassis alarms and show system alarms
Example:
syroJP3600A> show chassis alarms
node0:
--------------------------------------------------------------------------
No alarms currently active
node1:
--------------------------------------------------------------------------
No alarms currently active
{primary:node0}
syroJP3600A> show system alarms
node0:
--------------------------------------------------------------------------
No alarms currently active
node1:
1.8 View event logs: ScreenOS
View all event logs 〔ScreenOS only〕
CLI command: get event
The output of this command includes the alarm log.
Example:
JP1000A-> get event
Total event entries = 25174
Date Time Module Level Type Description
2013-01-01 15:35:12 system notif 00767 Event log was reviewed by admin syro.
2013-01-01 15:34:40 system warn 00515 Admin user syro has logged on via SSH
2013-01-01 15:34:40 system warn 00528 SSH: Password authentication
successful for admin user 'syro' at
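View event logs filtered by level 〔ScreenOS only〕
ScreenOS firewall events have eight levels.
In the CLI, the get event command can filter the log by event level; the following command options are available: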
JP1000A -> get event level ?
alert level 1: immediate action is required
critical level 2: functionality is affected
debug level 7: detailed information for troubleshooting
emergency level 0: system is unusable
error level 3: error condition
information level 6: general information about operation
notification level 5: normal events
warning level 4: functionality may be affected
Example:
JP1000A -> get event level alert
Date Time Module Level Type Description
int ethernet1/2). Occurred 1 times.
int ethernet1/2). Occurred 1 times.
int ethernet1/2). Occurred 1 times.
int ethernet1/2). Occurred 1 times.
Total entries matched = 4