Feb 26 2012

Juniper SRX: Customize “Default-Deny” policy to allow Dropped Sessions Logging.

In JunOS, traffic that does not match an explicitly defined security policy is matched against the default-deny policy.

Administrators who want to track (log) denied sessions can simply create their own deny policy with the desired options and place it as the last policy for traffic going from one zone to another.
When many zones have been configured, manually configuring this for all zones can be very time-consuming.

Jul 18 2011

NAT Logging on Cisco Routers

The ip nat log translations syslog command is used to perform NAT logging.

Every NAT translation created on the router is logged to syslog (which can be directed to the console, a syslog host or the internal buffer).

This command is useful for monitoring address translations on edge routers (for example, because of security policy or auditing requirements).