2

I've done casual research into the subject and am truly dismayed at the lack of compatible tools for such a simple task. Maybe someone can provide assistance.

We have a NetScreen NS-5GT in the office. I need to be able to get a glance of current traffic per endpoint -- I think the equivalent of 'get sessions' with byte counts/rates. I don't care about bars, graphs, and reports. Something as simple as a classic software firewall display would be perfect.

I can't shell out money on something real like SolarWinds products, so a free solution is essential. I'm willing to do a little work but refuse to program something from scratch. It's not prudent right now for me to install a hub or otherwise mess around physically. There must be something out there I can use, maybe in combination. I don't believe I'm asking too much.

Specific answers only please, e.g. monitoring software you know will actually work with this antiquated device. I've read about general approaches to the broader problem dozens of times already.

5 Answers

1

As mentioned above, PRTG will work well with the Netscreens for showing you real-time data and also some historical capabilities. Cacti is also very useful if you are only interested in historical graphs.

There is not much you can do on the interfaces themselves with the NetScreen. You can do counting on the policies, but not the interface, so this would only be useful if you have one interface per zone and then only if you have a single policy for whatever zone to zone traffic you plan on monitoring.

mattelmore
0

Have you tried using an SNMP-based solution? I have a few clients that still use that firewall and have used Paessler's PRTG Network Monitor software (limited free version) without problems. PRTG software does show a lot of graphs but can show "Live Data", including each interface, but I'm not sure how real-time you need. It also seems to be designed to be installed on a computer and left on for monitoring; the interface is web-based.

Halfdone
0

I agree, use an SNMP-based solution.

If you're wanting to be really selective, I'd just set up a script to do SNMP gets for the OIDs you care about and turn them into useful output.

Otherwise, I'd install Zenoss.

Are you by chance using Mac OS X? There is a good SNMP-based interface monitoring dashboard widget.

SpacemanSpiff
0

If you're looking for NetFlow-like data, I have not yet figured out how to get it from my Netscreens (two SSG20s) using open source tools. However, I have managed to get bytes and packets per second for my policies using SNMP. You will need to get a tool to browse the SNMP tables, such as MIB Browser, to extract the OIDs. Also, you will need to get the SNMP MIB tables from Juniper for the Netscreen to use in MIB Browser.

I have taken the OIDs in question and then monitored the data in Zabbix. I've been very pleased with the results and Zabbix is a very powerful tool for monitoring.

Red Tux
  • That is pretty cool that the box established an index for the different policies. It will only be as accurate as TCP/UDP ports, but still better than nothing if NetFlow at the downstream switch is not an option. – SpacemanSpiff Jan 15 '12 at 19:46
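
An added example (not from any of the answers above) of the "SNMP gets turned into useful output" approach that SpacemanSpiff and Red Tux describe: it turns two saved net-snmp `snmpget` outputs into per-second rates, absorbing a counter wraparound and discarding samples taken across a device reboot. The IF-MIB object names and all sample values are constructed stand-ins, since the NetScreen policy OIDs are not given on this page; substitute the OIDs you extract from the Juniper MIBs.

```python
import re

# net-snmp prints counters as "<name> = Counter32: <n>" and uptime as Timeticks.
COUNTER_RE = re.compile(r"^(\S+) = Counter(32|64): (\d+)$")
UPTIME_RE = re.compile(r"^\S*sysUpTime\S* = Timeticks: \((\d+)\)")

def parse_sample(text):
    """Parse snmpget output into (uptime_ticks, {oid: (value, counter_bits)})."""
    uptime, counters = None, {}
    for line in text.splitlines():
        line = line.strip()
        if m := UPTIME_RE.match(line):
            uptime = int(m.group(1))
        elif m := COUNTER_RE.match(line):
            counters[m.group(1)] = (int(m.group(3)), int(m.group(2)))
    return uptime, counters

def rates(prev_text, curr_text):
    """Per-second rate per OID between two samples; {} if uptime went backwards."""
    up0, c0 = parse_sample(prev_text)
    up1, c1 = parse_sample(curr_text)
    if up0 is None or up1 is None or up1 <= up0:
        return {}  # reboot or missing uptime: counters were reset, deltas are meaningless
    seconds = (up1 - up0) / 100.0  # Timeticks are hundredths of a second
    out = {}
    for oid, (now, bits) in c1.items():
        if oid in c0:
            delta = (now - c0[oid][0]) % (2 ** bits)  # modulo absorbs one counter wrap
            out[oid] = delta / seconds
    return out

# Constructed sample output, taken 10 seconds apart; ifInOctets wraps in between.
SAMPLE_T0 = """\
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (500000) 1:23:20.00
IF-MIB::ifInOctets.1 = Counter32: 4294960000
IF-MIB::ifOutOctets.1 = Counter32: 1000000
"""
SAMPLE_T1 = """\
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (501000) 1:23:30.00
IF-MIB::ifInOctets.1 = Counter32: 12704
IF-MIB::ifOutOctets.1 = Counter32: 1250000
"""

if __name__ == "__main__":
    for oid, per_second in rates(SAMPLE_T0, SAMPLE_T1).items():
        print(f"{oid}: {per_second:.0f} bytes/s")
```

Poll often enough that a 32-bit counter cannot wrap more than once between samples, because the modulo step can only recover a single wrap.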
0

For real-time monitoring, another option (if you have it available to you) is to use a port on a managed switch set to MIRROR and then use a Linux box running NTOP (http://www.ntop.org). The Linux box should have two network cards: one connected to your LAN so you can view the NTOP reports and the other used for NTOP to listen on.

If you mirror the traffic hitting the Trust interface then you will have a full breakdown of traffic usage, active connections and so on.

Plus, NTOP is awesome.

Gareth Hastings