SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Annemiek
Visitor
Annemiek
Posts: 1
Registered: ‎08-12-2010
0

SRX firewall logging default-deny rule

Options

‎08-12-2010 06:39 AM

Hi Guys,

 

I am wondering how to log all the traffic matching the default-deny rule on the SRX Firewall? I can make this rule myself, but i have to do it  between every security zone. Is there an easier way to achieve this?

 

Off course i red some KB articles from Juniper. But no answer to my question yet. Any help would be appreciated!

 

tnx,

Annemiek

 

.

Message 1 of 3 (5,223 Views)
 
Reply
Trusted Contributor
SomeITGuy
Posts: 330
Registered: ‎01-08-2010
0

Re: SRX firewall logging default-deny rule

Options

‎08-12-2010 10:54 AM

You have to add your own drop rule with logging at the bottom of your rule list.

 

FYI, unless you are streaming your logs to an external Syslog server logging all of the drops will likely fill local storage and kill your box.

Message 2 of 3 (5,211 Views)
 
Reply
Distinguished Expert Distinguished Expert
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: SRX firewall logging default-deny rule

Options

‎08-14-2010 10:27 PM

I agree with SomeITGuy. You cannot log default policy. You would need to configure a policy specifically to log deny traffic. External syslog for such logging is wise especially if you expect lots of traffic hitting the deny policies. The system can handle only so many logs as flash space is finite.

 

-Richard

Message 3 of 3 (5,149 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.