2010/3/12 TCIS List Acct <lista...@tulsaconnect.com>
> We've got a pair of Juniper SSG-550's in HA mode running Screen OS
> 6.1.0r4.0. For the life of me I can't figure out how to enable logging for
> denied/blocked traffic for the implicit default-deny rule. I've followed
> the instructions found in the Screen OS Cookbook with no results.
>
> Anyone have any pointers?
>
You can find this in the ScreenOS CLI guide, at least in ScreenOS 6.2. The command is "set flow log-dropped-packet". The output can be shown using "get log flow-deny", but a test shows me that it also ends up in the traffic log as policy id 32000 (ns-5gt).

Be aware of the possible impact on the CPU of logging all denied sessions.

--
Hans Kristian Eiken