2010/3/12 TCIS List Acct <lista...@tulsaconnect.com>

> We've got a pair of Juniper SSG-550's in HA mode running Screen OS
> 6.1.0r4.0. For the life of me I can't figure out how to enable logging for
> denied/blocked traffic for the implicit default-deny rule.  I've followed
> the instructions found in the Screen OS Cookbook with no results.
>
> Anyone have any pointers?
>

You can find this in the ScreenOS CLI guide, at least in ScreenOS 6.2. The
command is "set flow log-dropped-packet". The output can be shown using "get
log flow-deny", but a test shows me that it also ends up in the traffic log
as policy id 32000 (ns-5gt).

Be aware of the possible impact on the CPU of logging all denied sessions.

--
Hans Kristian Eiken
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
