08-12-2010 06:39 AM
I am wondering how to log all the traffic matching the default-deny rule on the SRX Firewall? I can make this rule myself, but i have to do it between every security zone. Is there an easier way to achieve this?
Off course i red some KB articles from Juniper. But no answer to my question yet. Any help would be appreciated!
08-12-2010 10:54 AM
You have to add your own drop rule with logging at the bottom of your rule list.
FYI, unless you are streaming your logs to an external Syslog server logging all of the drops will likely fill local storage and kill your box.
08-14-2010 10:27 PM
I agree with SomeITGuy. You cannot log default policy. You would need to configure a policy specifically to log deny traffic. External syslog for such logging is wise especially if you expect lots of traffic hitting the deny policies. The system can handle only so many logs as flash space is finite.