Feb 26 2012

Juniper SRX: Customize “Default-Deny” policy to allow Dropped Sessions Logging.

In JunOS, traffic that doesn't match an explicitly defined security policy is matched against the default-deny policy.

Administrators who want to track (log) denied sessions will simply create their own deny policy with the desired options and place it as the last policy for traffic going from one zone to another.
When many zones have been configured, it can be very time-consuming to configure this manually for every zone pair.
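To show the scale of the manual approach described above, here is an added example (not code from the original post) that reads a configuration in "display set" form and emits the explicit deny-and-log policy for every zone pair that lacks one. The policy name deny-log, the function names and the sample configuration are assumptions made for this illustration.

```python
import re
from itertools import product

# Constructed sample of "show configuration | display set" output (not from the post).
SAMPLE_CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone dmz interfaces ge-0/0/2.0
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone untrust to-zone trust policy deny-log then deny
set security policies from-zone untrust to-zone trust policy deny-log then log session-init
"""

ZONE_RE = re.compile(r"^set security zones security-zone (\S+)")
POLICY_RE = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+)")

def parse_zones(config):
    """Return the configured security zones in order of first appearance."""
    zones = []
    for line in config.splitlines():
        m = ZONE_RE.match(line)
        if m and m.group(1) not in zones:
            zones.append(m.group(1))
    return zones

def pairs_with_policy(config, name):
    """Return the (from-zone, to-zone) pairs that already carry a policy called `name`."""
    return {(m.group(1), m.group(2)) for line in config.splitlines()
            if (m := POLICY_RE.match(line)) and m.group(3) == name}

def deny_log_commands(config, name="deny-log", include_intrazone=False):
    """Build set commands for a catch-all deny+log policy on each uncovered zone pair."""
    zones, have = parse_zones(config), pairs_with_policy(config, name)
    cmds = []
    for src, dst in product(zones, repeat=2):
        if (src == dst and not include_intrazone) or (src, dst) in have:
            continue
        base = f"set security policies from-zone {src} to-zone {dst} policy {name}"
        # session-init is used because a denied flow never creates a session to close.
        cmds += [f"{base} match source-address any",
                 f"{base} match destination-address any",
                 f"{base} match application any",
                 f"{base} then deny",
                 f"{base} then log session-init"]
    return cmds

if __name__ == "__main__":
    print("\n".join(deny_log_commands(SAMPLE_CONFIG)))
```

A newly created policy is appended to the end of its from-zone/to-zone context, so the generated policy lands last; any permit policy added afterwards has to be moved above it with the insert command.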