Juniper Firewall monitoring plugin

The Verax NMS & APM Juniper Firewall management plugin provides monitoring, alerting, health checks, management and performance reporting for Juniper Networks’ NetScreen (5GT, ISG, Ns, SSG) series firewalls. SNMP is used for communicating with the hardware.

General information view

The view presents general configuration information about a firewall, such as:

  • Name, model information and firmware version
  • Hardware serial numbers
  • MAC address and uptime
  • Operation mode (e.g. NAT, Router, etc.)
  • Number of interfaces
  • IP addresses and DNS

Resources view

The view provides detailed performance metrics for the firewall, such as:

  • CPU utilization: average, last minute, last 5 minutes and last 15 minutes
  • Memory utilization: memory allocated, available and fragmentation
  • Sessions: number of allocated sessions, allocation limit and failed session allocations

Configuration view

The view shows firewall settings, such as:

  • Global Manager
  • Global Pro Management
  • URL filtering via Websense Server
  • Admin user RADIUS authentication
  • Command security shell
  • Email notifications
  • Syslog messages
  • Secure syslog messages
  • Including traffic log to admin. log
  • Refreshing DNS every day
  • Network time protocol
  • Secure SNMP traffic via VPN
  • Administrative interfaces configuration: idle timeout, HTTP and HTTPS port numbers, SSL certificate and encryption algorithm

IDS attack and policy monitor

The view monitors IDS attack-related metrics on each interface:

  • SYN attack packet counter
  • Tear drop attack packet counter
  • Source route option attack packet counter
  • Ping of death attack packet counter
  • Address spoofing attack packet counter
  • Land attack packet counter
  • ICMP flood attack packet counter
  • UDP flood attack packet counter
  • Weird NetBIOS attack packet counter
  • Port scan attempt attack packet counter
  • Address sweep attempt attack packet counter
  • Detect SYN fragment
  • Detect TCP without flag set
  • Detect Unknown protocol IP packet
  • Detect IP bad option
  • Detect IP record option
  • Detect IP timestamp option
  • Detect IP security option
  • Detect loose source route
  • Detect strict source route
  • Detect IP stream option
  • Detect ICMP fragment
  • Detect large ICMP packet
  • Detect TCP syn fin both set
  • Detect TCP fin set without ack bit set
  • Detect malicious URL
  • Detect malicious session connection
  • Detect SYN-ACK-ACK attack
  • Block IP fragment packet

In addition, the policy monitor view provides statistics for each access policy defined in the system (permit, deny, encrypt, authenticate, prioritize, schedule, etc.) such as packets/s, packets/min, total packets, B/s, B/min, total bytes, sessions/s, sessions/min and others.

Predefined Juniper Firewall monitoring templates

The plugin provides predefined templates for the most commonly monitored Juniper Firewall items (listed in the table below). Other user-defined sensors and performance counters can be added.

Juniper Firewall monitoring templates
Juniper Firewall CPU usage (Avg)
Juniper Firewall CPU usage (1 min)
Juniper Firewall CPU usage (5 min)
Juniper Firewall CPU usage (15 min)
Juniper Firewall Failed sessions
Juniper Firewall Memory fragmentation
Juniper Firewall Memory usage
Juniper Firewall Sessions usage
