Hi,

Many people either have a blind eye to debug approach and some-others might not exactly know the below  feature in SRX , but in my Opinion, this has huge advantages. Mainly when your policies are not defined for traffic and you dont see a flow entry in your session table.

Topology

toplogy

Running Ping from other Router

ping_not_in_session_table

Now configuring the traceoptions

2_configuration_flow_traceoptions

Analyzing the trace-options

3_packet_drop_in_log

I found this method to be very handy and also used in live environments. How you write your filter is the key criteria to reduce the packet-match condition for the device.

Regards

Rakesh M

Advertisements