SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Deactivating rules on SRX and logs

    Posted 11-03-2012 09:00

    Assuming, we have 5 rules in a policy.

     

    Following are my doubts:

    1. Does SRX have an explicit deny under the last rule of each policy?

    2. Is there a way to create but deactivate the rules until needed?

    3. Is there a command or output to see what traffic is being denied?

      E.g. if there is a rule to allow FTP from source A to source B, and from the same source a request is sent to the same destination for HTTP traffic, will we see a deny log indicating an HTTP request which was denied?

    Where do we see this?

     

    Thanks.



  • 2.  RE: Deactivating rules on SRX and logs

    Posted 11-03-2012 09:43

    Hi,

     

    1. Yes. For each context (from-zone x to-zone y), after the user-defined policies, there will be a default deny (implicit) rule at the end.

     

    2. Yes, use deactivate (this applies not only to policies, but to any config hierarchy). For example,

     

    deactivate security policies from-zone INTERNAL to-zone INTERNAL policy restrict-specific

     

    To reactivate it, use: activate security policies from-zone INTERNAL to-zone INTERNAL policy restrict-specific

     

    3. If the traffic is getting denied by the default (implicit) policy, you will not be able to see it in the logs. If required, at the end we can have a policy with match condition any, any, any and action deny + log; then we can see all the denied traffic logs using "show log rtlogd".
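    Pulling the three points of the reply above together, the following is an added configuration example; it is not from the original post or from Juniper's documentation. It builds a from-zone INTERNAL to-zone INTERNAL context with one policy permitting FTP from host A to host B, an explicit any/any/any deny-and-log policy kept last so that a denied HTTP attempt from the same source shows up in the logs, a syslog file that captures those RT_FLOW_SESSION_DENY events, and the deactivate/activate steps for parking a rule. The zone name, policy names, address-book names, the 10.0.1.0/24 addresses and the file name traffic-deny are assumptions chosen for the example.

```junos
# Added example, not from the original post. Zone, policy, address and
# file names and the 10.0.1.x addresses are assumptions for illustration.

# Zone-level address book entries for the two hosts in the question.
set security zones security-zone INTERNAL address-book address host-A 10.0.1.10/32
set security zones security-zone INTERNAL address-book address host-B 10.0.1.20/32

# Policy 1: permit only FTP from host-A to host-B.
set security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp match source-address host-A
set security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp match destination-address host-B
set security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp match application junos-ftp
set security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp then permit

# Last policy: explicit any/any/any deny that logs. Without it the implicit
# deny at the end of the context drops traffic silently. Log on session-init,
# not session-close: a denied flow never establishes a session to close.
set security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log match source-address any
set security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log match destination-address any
set security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log match application any
set security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log then deny
set security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log then log session-init

# Policies are evaluated top-down, so deny-all-log must stay last. If a later
# edit lands a new policy below it, move it back with insert.
insert security policies from-zone INTERNAL to-zone INTERNAL policy deny-all-log after policy allow-ftp

# Event-mode security logging to a local file, filtered to deny events, so
# "show log" on the box can display them.
set security log mode event
set system syslog file traffic-deny any any
set system syslog file traffic-deny match RT_FLOW_SESSION_DENY
commit

# An HTTP attempt from host-A to host-B misses allow-ftp (application
# mismatch) and hits deny-all-log, producing an RT_FLOW_SESSION_DENY line.
# "run" executes an operational command from configuration mode.
run show log traffic-deny | match "10.0.1.10.*10.0.1.20"

# Keep a rule configured but inactive until it is needed. An inactive policy
# is skipped during policy lookup and appears as "inactive:" in the config.
deactivate security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp
commit
run show security policies from-zone INTERNAL to-zone INTERNAL

# Bring it back into the lookup when needed.
activate security policies from-zone INTERNAL to-zone INTERNAL policy allow-ftp
commit
```

    Two practical checks when using this pattern: confirm with "run show security policies from-zone INTERNAL to-zone INTERNAL" that deny-all-log is still the last policy after every change, since a permit added below it is never reached; and expect a noisy file on a busy zone pair, because the catch-all logs every denied flow, so size the syslog file archive or narrow the match accordingly.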