Step 5: Enable Logging for Traffic that Doesn’t Match Any Rules

Traffic that does not match any of the rules you defined will match the predefined interzone-default rule at the bottom of the rulebase and be denied. For visibility into the traffic that is not matching any of the rules you created, enable logging on the interzone-default rule:
  1. Select the interzone-default row in the rulebase and click Override to enable editing on this rule.
  2. Select the interzone-default rule name to open the rule for editing.
  3. On the Actions tab, select Log at Session End and click OK.
  4. Create a custom report to monitor traffic that hits this rule.
    1. Select Monitor > Manage Custom Reports.
    2. Add a report and give it a descriptive Name.
    3. Set the Database to Traffic Summary.
    4. Select the Scheduled check box.
    5. Add the following to the Selected Columns list: Rule, Application, Bytes, Sessions.
    6. Set the desired Time Frame, Sort By and Group By fields.
    7. Define the query to match traffic hitting the interzone-default rule:
      (rule eq 'interzone-default')
  5. Commit the changes you made to the rulebase.
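
Once the scheduled report has data, its rows can be ranked to show which applications the default rule is denying and where an explicit rule may be missing. The following Python script is an added example, not part of the original documentation. It assumes the report was exported as CSV with the four Selected Columns as headers; the sample rows and every rule name other than interzone-default are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: a CSV export of the custom report, using the four
# Selected Columns from the procedure. Header names and layout are assumed.
SAMPLE_EXPORT = """Rule,Application,Bytes,Sessions
interzone-default,ssh,48211,37
allow-web,web-browsing,9120033,1402
interzone-default,dns,10244,212
interzone-default,ssh,1902,5
interzone-default,ms-rdp,774120,9
allow-dns,dns,88312,950
"""

DEFAULT_RULE = "interzone-default"


def summarize_default_rule_hits(export_text, rule=DEFAULT_RULE):
    """Return [(application, sessions, bytes)] for rows matching `rule`,
    highest session count first (ties broken by bytes, then name)."""
    totals = defaultdict(lambda: [0, 0])  # app -> [sessions, bytes]
    for row in csv.DictReader(io.StringIO(export_text)):
        # Same filter as the report query: (rule eq 'interzone-default')
        if (row.get("Rule") or "").strip() != rule:
            continue
        try:
            sessions = int(row["Sessions"])
            nbytes = int(row["Bytes"])
        except (KeyError, TypeError, ValueError):
            continue  # skip malformed rows rather than abort the summary
        app = (row.get("Application") or "unknown").strip()
        totals[app][0] += sessions
        totals[app][1] += nbytes
    return sorted(
        ((app, s, b) for app, (s, b) in totals.items()),
        key=lambda t: (-t[1], -t[2], t[0]),
    )


if __name__ == "__main__":
    for app, sessions, nbytes in summarize_default_rule_hits(SAMPLE_EXPORT):
        print(f"{app:<12} sessions={sessions:<6} bytes={nbytes}")
```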
