You are troubleshooting an SRX240 acting as a NAT translator for transit traffic. Traffic is dropping
at the SRX240 in your network. Which three tools would you use to troubleshoot the issue?
(Choose three.)
A.
security flow traceoptions
B.
monitor interface traffic
C.
show security flow session
D.
monitor traffic interface
E.
debug flow basic
Explanation:
Reference: http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
http://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
A C D ! not A B C .. 🙁
A, C & D
A:
In the SRX, the primary method of capturing this information is through the “set security flow traceoptions basic-datapath”, and there is also the ability to filter only certain packets for advanced debugging using the “set security flow traceoptions packet-filter”.
C:
If the packet matches an existing session, then the SRX will not include all debugging information in that output. It will display the basics and refer to the session ID to cross reference. You can still examine the session table to track this session with the “show security flow session” command.
D:
Additionally, a monitored packet capture of ‘self-traffic’ only (e.g. Dynamic Routing Protocol messages, ARP, management traffic, ICMP to Routing Engine) can be done using the ‘monitor traffic interface’ command. This is supported on both SRX Branch and High-end SRX devices. For more information, see KB15779 – SRX Getting Started – Troubleshooting Commands.
ABC correct 100%