Channel: All SRX Services Gateway posts

Re: Need support for syslog structured brief messages


Hi Stefan,

 

The syslog explorer contains the descriptions for all the events. Also, try to download these events as specified in the screenshot below (top right corner) and let me know whether it meets your requirement. The downloaded file will be in Excel format and it contains the Name, Message, Help, Description etc. of these syslog events.

syslog.PNG

If it still doesn't meet your requirements, let's wait for other community members.


Re: Dynamic VPN Slow Speed into LAN


I'm running the current recommended version 9.1.2 (1149). Please see the requested command outputs below.

 

Juniper-SRX300> show chassis routing-engine 
Routing Engine status:
    Temperature                 39 degrees C / 102 degrees F
    CPU temperature             53 degrees C / 127 degrees F
    Total memory              4096 MB Max  1188 MB used ( 29 percent)
      Control plane memory    2400 MB Max   792 MB used ( 33 percent)
      Data plane memory       1696 MB Max   390 MB used ( 23 percent)
    5 sec CPU utilization:
      User                      12 percent
      Background                 0 percent
      Kernel                     6 percent
      Interrupt                  0 percent
      Idle                      83 percent
    Model                          RE-SRX300
    Serial ID                      CV4117AF1129
    Start time                     2020-07-02 23:18:37 CDT                                        
    Uptime                         7 days, 8 hours, 21 minutes, 34 seconds
    Last reboot reason             0x200:normal shutdown
    Load averages:                 1 minute   5 minute  15 minute
                                       0.30       0.25       0.18

Juniper-SRX300> show security monitoring performance spu 
fpc  0  pic  0
Last 60 seconds:
  0:    1    1:   1    2:    1    3:    1    4:    1    5:    1
  6:    2    7:   2    8:    2    9:    1   10:    1   11:    1
 12:    1   13:   2   14:    2   15:    3   16:    2   17:    1
 18:    1   19:   1   20:    1   21:    1   22:    1   23:    3
 24:    2   25:   1   26:    1   27:    2   28:    1   29:    1
 30:    1   31:   1   32:    1   33:    1   34:    2   35:    2
 36:    2   37:   1   38:    1   39:    1   40:    1   41:    1
 42:    2   43:   1   44:    1   45:    2   46:    2   47:    2
 48:    1   49:   1   50:    1   51:    2   52:    2   53:    2
 54:    1   55:   1   56:    1   57:    1   58:    2   59:    2

Juniper-SRX300> show security monitoring performance session 
fpc  0  pic  0
Last 60 seconds:
 0:     288   1:     275   2:     273   3:     270   4:     273   5:     271
 6:     271   7:     267   8:     274   9:     273  10:     275  11:     271
12:     274  13:     272  14:     273  15:     266  16:     268  17:     279
18:     278  19:     283  20:     280  21:     277  22:     268  23:     275
24:     275  25:     278  26:     271  27:     275  28:     274  29:     277
30:     271  31:     274  32:     277  33:     275  34:     274  35:     270
36:     280  37:     279  38:     277  39:     271  40:     273  41:     270
42:     276  43:     274  44:     276  45:     277  46:     275  47:     278
48:     275  49:     275  50:     273  51:     278  52:     273  53:     272
54:     264  55:     272  56:     271  57:     271  58:     268  59:     280

Juniper-SRX300> show interfaces ge-0/0/0 extensive 
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 139, SNMP ifIndex: 511, Generation: 142
  Description: To AT&T Gateway
  Link-level type: Ethernet, MTU: 1514, LAN-PHY mode, Link-mode: Full-duplex, Speed: 1000mbps, BPDU Error: None, Loop Detect PDU Error: None, Ethernet-Switching Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Enabled, Remote fault: Online
  Device flags   : Present Running
  Interface flags: SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: d0:07:ca:62:45:80, Hardware address: d0:07:ca:62:45:80
  Last flapped   : 2020-07-02 23:25:33 CDT (1w0d 08:15 ago)
  Statistics last cleared: 2020-07-10 07:38:27 CDT (00:02:17 ago)
  Traffic statistics:
   Input  bytes  :             71259535              2461032 bps
   Output bytes  :            112765779               184704 bps
   Input  packets:                63135                  260 pps
   Output packets:               100385                  210 pps
  Dropped traffic statistics due to STP State:
   Input  bytes  :                    0
   Output bytes  :                    0
   Input  packets:                    0
   Output packets:                    0
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 274, L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0,
    Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0, FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
  Queue counters:       Queued packets  Transmitted packets      Dropped packets
    0                            99406                99406                    0
    1                                0                    0                    0
    2                                0                    0                    0
    3                              206                  206                    0
  Queue number:         Mapped forwarding classes
    0                   best-effort
    1                   expedited-forwarding
    2                   assured-forwarding
    3                   network-control
  Active alarms  : None
  Active defects : None
  PCS statistics                      Seconds
    Bit errors                             0
    Errored blocks                         0
  Ethernet FEC statistics              Errors
    FEC Corrected Errors                    0
    FEC Uncorrected Errors                  0
    FEC Corrected Errors Rate               0
    FEC Uncorrected Errors Rate             0
  MAC statistics:                      Receive         Transmit
    Total octets                      72164055        114458150
    Total packets                        63220           100093
    Unicast packets                      62542           100093
    Broadcast packets                      531                0
    Multicast packets                      147                0
    CRC/Align errors                         0                0
    FIFO errors                              0                0
    MAC control frames                       0                0
    MAC pause frames                         0                0
    Oversized frames                         0                                   
    Jabber frames                            0
    Fragment frames                          0
    VLAN tagged frames                       0
    Code violations                          0
  Filter statistics:
    Input packet count                       0
    Input packet rejects                     0
    Input DA rejects                         0
    Input SA rejects                         0
    Output packet count                                       0
    Output packet pad count                                   0
    Output packet error count                                 0
    CAM destination filters: 2, CAM source filters: 0
  Autonegotiation information:
    Negotiation status: Complete                                    
    Link partner:
        Link mode: Full-duplex, Flow control: None, Remote fault: OK
    Local resolution:
        Flow control: None, Remote fault: Link OK
  Packet Forwarding Engine configuration:
    Destination slot: 0
  CoS information:
    Direction : Output
    CoS transmit queue               Bandwidth               Buffer Priority   Limit
                              %            bps     %           usec
    0 best-effort            95      950000000    95              0      low    none
    3 network-control         5       50000000     5              0      low    none
  Interface transmit statistics: Disabled
  MACSec statistics:                                    
    Output
        Secure Channel Transmitted
        Protected Packets               : 0
        Encrypted Packets               : 0
        Protected Bytes                 : 0
        Encrypted Bytes                 : 0
     Input
        Secure Channel Received
        Accepted Packets                : 0
        Validated Bytes                 : 0
        Decrypted Bytes                 : 0

  Logical interface ge-0/0/0.0 (Index 79) (SNMP ifIndex 514) (Generation 144)
    Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
    Traffic statistics:                                   
     Input  bytes  :             71259835
     Output bytes  :            112764255
     Input  packets:                63142
     Output packets:               100399
    Local statistics:
     Input  bytes  :                30903
     Output bytes  :                16665
     Input  packets:                  493
     Output packets:                  119
    Transit statistics:
     Input  bytes  :             71228932              2457928 bps
     Output bytes  :            112747590               182064 bps
     Input  packets:                62649                  256 pps
     Output packets:               100280                  208 pps
    Security: Zone: untrust                                    
    Allowed host-inbound traffic : dhcp https ike
    Flow Statistics :  
    Flow Input statistics :
      Self packets :                     95
      ICMP packets :                     24
      VPN packets :                      59238
      Multicast packets :                4
      Bytes permitted by policy :        68680921
      Connections established :          579 
    Flow Output statistics: 
      Multicast packets :                0
      Bytes permitted by policy :        110145732 
    Flow error statistics (Packets dropped due to): 
      Address spoofing:                  0
      Authentication failed:             0                                  
      Incoming NAT errors:               0
      Invalid zone received packet:      0
      Multiple user authentications:     0 
      Multiple incoming NAT:             0
      No parent for a gate:              0
      No one interested in self packets: 0       
      No minor session:                  0 
      No more sessions:                  0
      No NAT gate:                       0 
      No route present:                  4 
      No SA for incoming SPI:            0 
      No tunnel found:                   0
      No session for a gate:             0 
      No zone or NULL zone binding       0
      Policy denied:                     0                                  
      Security association not active:   0 
      TCP sequence number out of window: 0
      Syn-attack protection:             0
      User authentication errors:        0
    Protocol inet, MTU: 1500
    Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0
    Generation: 157, Route table: 0
      Flags: Sendbcast-pkt-to-re
      Input Filters: BLOCKED-IPs
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 107.221.20/22, Local: 107.221.22.253, Broadcast: 107.221.23.255, Generation: 158

Juniper-SRX300> request pfe execute target fwdd command "show arena" 
================ master ================
SENT: Ukern command: show arena

ID        Base      Total(b)       Free(b)       Used(b)   %   Name
--  ----------  ------------  ------------  ------------  ---  ----
 0    6433bc00     130023420          7216     130016204   99  jsf shm arena
 1    6433bfa8       2088956       2017672         71284    3  global cntl SHM
 2    64539fc0     127926268      56641968      71284300   55  global data SHM
 3    64552e88        262140        259488          2652    1  Services control arena
 4     b8d49d0       2097148       2096224           924    0  IDP Arena
 5     c447300      67108860      52491592      14617268   21  jdpi arena

 

Re: One time JUNOS update for homeLab & learning purposes?


I was waiting for someone from Juniper to comment, but I'm not even sure whether they follow these community forums. I tried registering a free account with the lab access, but that also got rejected for some reason... I would much rather use the device I already bought. It seems that the only thing left for me to do is to Google some shady public FTP servers for a newer firmware version. I just can't understand why everything that is "enterprise" has to be made this complicated and difficult...

Re: Dynamic VPN Slow Speed into LAN


Could it be that the upload speed of your Internet connection (where you're VPNing from) is slow?

When you're VPNed to your home SRX and download a file from the server, the direction of traffic is from your home to your location, so the upload speed of your Internet connection (at home) and the download speed of your location are what matter.

(you somewhere with VPN) <=======[the Internet]<========== (your SRX)<==========(your fileserver)

As you can see, the upload speed of your home Internet and the download speed of your current location are important.

Now if you reverse the scenario, where you are uploading a file to your home server:

(you somewhere with VPN) =======>[the Internet]==========>(your SRX)==========>(your fileserver)

In this case, it's your upload speed from where you're VPNed that matters most, including the download speed of your home Internet.

Most ISPs provide asynchronous Internet speed with great download speed but terrible upload speed. Your home Internet happens to be the exception since you can download a file quite fast even when VPNed.

Re: Dynamic VPN Slow Speed into LAN


Hi,

 

Everything seems fine with the SRX. No High RE CPU, No High PFE CPU, Session creation is way low, Memory utilization is normal.

 

Only thing I can see is policed discards and you already said that you have removed it. Just make sure it doesn't increment.

 

Apart from this, I can't think of anything that can actually cause slowness in the SRX. May I know how you are uploading the files to your server? Any proprietary application or open source application such as WinSCP, FileZilla etc.?
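
The "make sure it doesn't increment" check from the reply above can be scripted by diffing two captures of `show interfaces ... extensive`. This is an added example, not code from the thread: the capture text is constructed from the output posted earlier, the second capture's values are invented, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the "show interfaces ge-0/0/0 extensive"
# output posted in this thread; the second capture's values are invented.
TEMPLATE = """\
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: {policed}, L3 incompletes: 0,
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, MTU errors: 0, Resource errors: 0
  Egress queues: 8 supported, 4 in use
    Flow error statistics (Packets dropped due to):
      No route present:                  {no_route}
      No zone or NULL zone binding       0
      Policy denied:                     0
    Protocol inet, MTU: 1500
"""
BEFORE = TEMPLATE.format(policed=274, no_route=4)
AFTER = TEMPLATE.format(policed=311, no_route=9)

SECTION_RE = re.compile(r"^\s*(Input errors|Output errors|Flow error statistics)\b")
PAIR_RE = re.compile(r"([A-Za-z][A-Za-z0-9 /]*?):\s*(\d+)")  # "Name: N, Name: N"
FLOW_RE = re.compile(r"^\s+(.+?):?\s+(\d+)\s*$")              # "Name:      N"

def parse_error_counters(text):
    """Return {"<section> / <counter>": value} for the error sections only."""
    counters, section, base = {}, None, 0
    for line in text.splitlines():
        indent = len(line) - len(line.lstrip())
        header = SECTION_RE.match(line)
        if header:
            section, base = header.group(1), indent
            continue
        if section is None or not line.strip():
            continue
        if indent <= base:  # dedent: the section has ended
            section = None
            continue
        if section == "Flow error statistics":
            m = FLOW_RE.match(line)
            pairs = [m.groups()] if m else []
        else:
            pairs = PAIR_RE.findall(line)
        for name, value in pairs:
            counters[f"{section} / {name.strip()}"] = int(value)
    return counters

def incremented(before, after):
    """Counters that grew between two captures, with the size of the increase."""
    old, new = parse_error_counters(before), parse_error_counters(after)
    changes = {}
    for key in new.keys() & old.keys():
        # A lower value means statistics were cleared between captures,
        # so everything counted since the clear is new.
        delta = new[key] - old[key] if new[key] >= old[key] else new[key]
        if delta > 0:
            changes[key] = delta
    return changes

if __name__ == "__main__":
    for key, delta in sorted(incremented(BEFORE, AFTER).items()):
        print(f"{key}: +{delta}")
```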

Re: Need support for syslog structured brief messages


Here's sanitized flow data from my SRX for the last 7 days.

I removed all relevant personal/company identifiable information including (public) IP addresses and usernames/emails.

The ironic thing is, these data are collected in Splunk, and you are talking about using the same data in ELK. I do have an ELK server but I haven't written the parsers yet for this Juniper flow information.

 

 

Re: Need support for syslog structured brief messages


hzrnbgy,
thanks for your help.
Where can I find the flow data log file?


Re: Dynamic VPN Slow Speed into LAN


Hzrnbgy - No.  The upload speed is 500Mbps where I'm VPNing from.  Good question though!


Re: Dynamic VPN Slow Speed into LAN


Hi.

 

I've tried uploading files to my server using FTP, SMB and NFS. The upload speed never changes. I'm working on procuring another machine to test with. The first link provided doesn't appear to be for me, because I'm not having an issue upgrading from an older PulseSecure version to the latest 9.1R2 build 1149. I've reviewed the other link and I did try solution two, but it didn't make a difference.

Re: One time JUNOS update for homeLab & learning purposes?


Hello,

 

Yes, the Juniper employees follow the J-Net community forums. I hope your concerns will be answered.

 

Also, I would suggest you post your concern in "Training, Certification, and Career Topics" for visibility.

 

Have a Nice Day!!!

Re: Dynamic VPN Slow Speed into LAN


Hi,

 

Thank you for reverting.

 

Actually, the first link is applicable to everyone who is using Pulse Secure version 9.1R2 build 1149. This build contains the fix which was addressed in the following TSB17441.

 

However, users might still face an issue after upgrading to the latest Pulse version, and the first link is about fixing those issues. So, I would say it's worth trying.

Re: Dynamic VPN Slow Speed into LAN


Thanks for your quick reply. I read the article again and can confirm the versions at both locations on my machine are the same.

Re: Dynamic VPN Slow Speed into LAN


Hi,

 

I think I haven't made myself clear in the previous reply.

 

Please be informed that even though you are in the latest version of the Pulse in Windows 10 at both the locations, the issue mentioned in the following KB article may occur - https://kb.juniper.net/InfoCenter/index?page=content&id=KB35342&actp=METADATA

 

I'm not saying that your current issue and the issue mentioned in the KB article are similar, but I think it would be great if you could carry out those steps in order to rule out this possibility. But it's up to you :)

Re: Dynamic VPN Slow Speed into LAN


I replied before your post and stated both of my versions are the same.  If I'm reading the KB article correctly, if both file locations have the same version number of 9.1.0.1, which mine do, there is nothing for me to do.  Both of my versions are correct.  Maybe I'm not understanding the article correctly?

 

A. If the driver files are reporting as follows in both locations, then perform the steps below to correct the problem.

   Incorrect version    in "C:\windows\system32\drivers" ---> Correct version for me
   Correct version  in  "C:\Program Files (x86)\Common Files\Juniper Networks\JNPRNA\Drivers\jnprns\" ---> Correct version for me

 

 

Re: Dynamic VPN Slow Speed into LAN


Hello,

 

Actually, I have interpreted your answer incorrectly. Now I understand what you meant.

 

Thanks for the elaborate answer.


Re: Dynamic VPN Slow Speed into LAN


I'm marking this solved, but it's somewhat not. I installed an early copy of Windows 10 in VMware Workstation on the same machine that is having slow upload speeds and the VPN upload speed on the early copy of Windows 10 was over 10Mbps. There appears to be an issue with a Windows update that was installed recently on my physical Windows 10 machine. This is not an issue with the Juniper SRX300 or my configurations. Thanks for the help!

Re: How to stop ssh sessions being killed when doing a commit with a custom ssh service


You asked...

  1. How did you determined that sessions are being removed?

Because the sessions, including the session to the SRX, froze - as if they were no longer allowed through the firewall. They could only be restarted by terminating the ssh and restarting it.

 

It took me a while to understand what you want me to do.

 

If I set the connection limit then it does not impact sessions already established.

 

Now I have one rule using my-ssh and other rules use junos-ssh. This is fine. If I ssh through the firewall and then delete the matching policy elements then the ssh session survives.

Re: How to stop ssh sessions being killed when doing a commit with a custom ssh service


Hey,

 

It looks like an unusual behaviour. If the session is already created it would be cleared only if we do it manually or when the session timeout occurs.

 

We can further verify by taking console access to the SRX and monitoring the sessions on one terminal while doing the SSH on another. This way we can get more clues about this issue.

 

Let me know if you need anything.

Re: How to stop ssh sessions being killed when doing a commit with a custom ssh service


When rules are matched, session creation should be logged (log session-init). If the session is terminated through the table being cleared or some other event that's not initiated by either end point, will something be logged if "log session-close" is present?

Re: How to stop ssh sessions being killed when doing a commit with a custom ssh service


Yes, you are right. If session-init/session-close are configured under the security policy and there is traffic matching that policy, the logging will be triggered.

 

Since this is host-inbound traffic, it will take the default policy, which is self-traffic-policy, where logging won't be enabled. So, if you wish to log the host-inbound traffic, create a rule as mentioned in the following KB article - https://kb.juniper.net/InfoCenter/index?page=content&id=KB26518&actp=METADATA

 

 
