Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules
Internet gateway traffic that flows between zones and that doesn't match the rules you defined
matches the predefined interzone-default rule at the bottom of the rulebase and is
denied. (The predefined intrazone-default allow rule matches traffic within the same
zone by default; only traffic between different zones is denied by default.) To gain
visibility into the traffic that doesn't match the allow and block rules you
created, enable logging on the interzone-default rule:
1. Select the row with the interzone-default rule in the rulebase and Override the rule to edit it.
2. Select the interzone-default rule name to open the rule for editing.
3. On the Actions tab, select Log at Session End and then click OK.
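To confirm the setting after the change is committed, the following added example (not part of the original documentation or any vendor tooling) audits an exported configuration file and reports, per virtual system, whether interzone-default logs at session end. The XML layout of the sample, the idea that a rule that was never overridden has no entry in the export, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported firewall configuration (not from the page).
# Assumption: an overridden default rule is stored under
# rulebase/default-security-rules/rules, and a rule that was never
# overridden has no entry at all, so it keeps the predefined (unlogged) setting.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys>
  <entry name="vsys1"><rulebase><default-security-rules><rules>
    <entry name="interzone-default">
      <action>deny</action><log-start>no</log-start><log-end>yes</log-end>
    </entry>
  </rules></default-security-rules></rulebase></entry>
  <entry name="vsys2"><rulebase><default-security-rules><rules>
    <entry name="interzone-default"><action>deny</action></entry>
  </rules></default-security-rules></rulebase></entry>
  <entry name="vsys3"><rulebase><security><rules/></security></rulebase></entry>
</vsys></entry></devices></config>
"""

RULE_PATH = "rulebase/default-security-rules/rules/entry[@name='interzone-default']"


def audit_interzone_logging(config_xml):
    """Return {vsys name: status} for the interzone-default rule."""
    root = ET.fromstring(config_xml.strip())
    results = {}
    for vsys in root.findall("./devices/entry/vsys/entry"):
        rule = vsys.find(RULE_PATH)
        if rule is None:
            status = "not overridden"  # predefined rule, no logging enabled
        elif (rule.findtext("log-end") or "").strip() == "yes":
            status = "log at session end"
        else:
            status = "overridden, no session-end log"
        results[vsys.get("name")] = status
    return results


def vsys_missing_logging(config_xml):
    """Names of vsys where denied interzone traffic is still not logged."""
    statuses = audit_interzone_logging(config_xml)
    return sorted(n for n, s in statuses.items() if s != "log at session end")


if __name__ == "__main__":
    for name, status in audit_interzone_logging(SAMPLE_CONFIG).items():
        print(f"{name}: {status}")
```
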
To view the log information in one place, create a custom report to monitor traffic that matches the interzone-default rule:
1. Select Monitor > Manage Custom Reports.
2. Add a report and give it a Name that describes the content and purpose of the report.
3. Set the Database to Traffic Summary.
4. Select the Scheduled check box.
5. Set the Time Frame to specify the time period each report covers, set Sort By to sort the information by bytes, sessions, packets, or threats, and set Group By to determine how the information is grouped (by time, application, risk, etc.).
6. Add Rule, Application, Bytes, and Sessions to the Selected Columns list.
7. Define the query to match traffic that matches the