So fingers crossed that this is an easy one for you guys,
Device is an SRX210BE running 11.4R5.5 code.
ive added the syslog host to the config
meeks@MeeksNet-SRX210> show configuration system syslog
archive size 100k files 3;
user * {
any emergency;
}
host 192.168.1.12 {
any any;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
file security {
security any;
}
file default-log-messages {
any any;
match "(requested 'commit' operation)|(copying configuration to
juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU
removal)|(FRU insertion)|(link UP)|(vc add)|(vc
delete)|transitioned|Transferred|transfer-file|QFABRIC_NETWORK_NODE_GROUP|QFABRIC_SERVER_NODE_GROUP|QFABRIC_NODE|(license
add)|(license delete)|(package -X update)|(package -X
delete)|GRES|CFMD_CCM_DEFECT|LFMD_3AH|MEDIA_FLOW_ERROR|RPD_MPLS_PATH_BFD";
structured-data;
}
and implemented the default deny template i found here:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB20778&actp=RSS
meeks@MeeksNet-SRX210> show configuration groups
default-deny-template {
security {
policies {
from-zone untrust to-zone trust {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
}
}
}
}
}
}
}
meeks@MeeksNet-SRX210> show configuration apply-groups
## Last commit: 2013-02-21 16:05:36 EST by meeks
apply-groups default-deny-template;
however, when i log on to the syslog host, and tail the syslog file i do
not see denies being logged remotely.
if i apply the session-init and session-close options to permitted traffic,
it does get logged remotely.
Alternatively,
creating a new policy has the same result, regardless if i use reject or
deny
meeks@MeeksNet-SRX210# show security policies from-zone untrust to-zone
trust policy deny-all
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
}
}
my google-foo is failing, so i hope you guys can help.
Looking forward to hearing back from you,
Mike
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp