Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What are the common Debug types?

0

0

Article ID: KB6721 KB Last Updated: 28 Jan 2013Version: 4.0
Summary:
This article provides information about the common Debug types.
Symptoms:
Information about the common Debug types.
Cause:

Solution:

The common Debug types are:

  • Debug Flow Basic/Undebug Flow Basic: This is probably the most used of the debug options; though it is the most CPU intensive. It Provides a view of the traffic flow through a NetScreen device.

  • Debug IKE Detail/Undebug IKE Detail: This is used to view the IKE Phase 1 and Phase 2 negotiations.  Most IKE issues can be observed, when viewing the event log.  However, when troubleshooting a VPN with another vendor, debug IKE detail could provide information on how the other VPN has been configured.

  • Debug PKI Detail/Undebug PKI Detail: This is used to view the passing of digital certificates and the other events that occur in phase 1 of the IKE negotiation with RSA or DSA.

  • Debug NAT/Undebug NAT: This is used to view NAT translations, as they occur through the NetScreen device.

  • Debug DHCP/Undebug DHCP: This is used to view the DHCP lease assignments.

Debug types, such as snoop, are a powerful troubleshooting tool; but it must be used with caution. The performance degradation will be dependent on the following factos:

  1. debug flow basic is the most CPU intensive. So, it is advised to run it with the appropriate flow filters. Flow filters can be narrowed down for different requirements:
    Flow Setting Options: set ff <<source,destination-ip || source,destination-port || ip-protocol >>
  2. The amount of traffic that is being through the firewall.

  3. The method of output. Sending the output to the debug buffer (set console dbuf) is strongly recommended.
For more information on how to run the debugs, refer to KB5536 - How do I capture debugging (debug flow) information?
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search