08-12-2010 06:39 AM
I am wondering how to log all the traffic matching the default-deny rule on the SRX Firewall? I can make this rule myself, but I have to do it between every security zone. Is there an easier way to achieve this?
Of course I read some KB articles from Juniper. But no answer to my question yet. Any help would be appreciated!
08-12-2010 10:54 AM
You have to add your own drop rule with logging at the bottom of your rule list.
FYI, unless you are streaming your logs to an external Syslog server, logging all of the drops will likely fill local storage and kill your box.
08-14-2010 10:27 PM
I agree with SomeITGuy. You cannot log default policy. You would need to configure a policy specifically to log deny traffic. External syslog for such logging is wise especially if you expect lots of traffic hitting the deny policies. The system can handle only so many logs as flash space is finite.
08-13-2013 11:20 PM
You need to create a new global policy and log it. Set up a syslog local file to match the policy name.
You could try a template for each zone/zone pair but I found an issue with this - namely it would mean any new policies added would be ignored due to the deny-all rule as the last sequence number. The global deny-all would solve this.
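An added configuration example (not posted by anyone in this thread) showing the approach described above: a global deny-and-log policy that is only evaluated after all zone-pair policies, a local syslog file matching the policy name, and an external syslog host as recommended earlier. The policy name, file name, archive sizes and the syslog host 192.0.2.10 are assumed placeholders; `security log mode event` is assumed for a branch SRX.

```junos
security {
    policies {
        /* A global policy is evaluated only when no zone-pair policy matched,
           so later zone-pair policies are never shadowed by this catch-all. */
        global {
            policy deny-all-log {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        /* Denied flows never reach session-close, so log at init. */
                        session-init;
                    }
                }
            }
        }
    }
    log {
        /* Event mode hands RT_FLOW messages to the system syslog process (assumption: branch SRX). */
        mode event;
    }
}
system {
    syslog {
        /* Local file limited to RT_FLOW_SESSION_DENY messages for this policy,
           kept small so it cannot fill flash. */
        file denied-traffic {
            any any;
            match "RT_FLOW_SESSION_DENY.*deny-all-log";
            archive size 1m files 5;
        }
        /* External collector for the full deny stream (placeholder address). */
        host 192.0.2.10 {
            any any;
            match "RT_FLOW_SESSION_DENY";
        }
    }
}
```

After committing, `show log denied-traffic` shows only the hits on the catch-all policy, while everything else dropped by deny policies goes to the external host.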
08-14-2013 08:09 AM