1. Home
    2. Best Practices
    3. Internet Gateway Best Practice Security Policy
    4. Best Practice Internet Gateway Security Policy
    5. Define the Initial Internet Gateway Security Policy
    6. Step 5: Enable Logging for Traffic that Doesn’t Match Any Rules

    Step 5: Enable Logging for Traffic that Doesn’t Match Any Rules

    Traffic that does not match any of the rules you defined will match the predefined interzone-default rule at the bottom of the rulebase and be denied. For visibility into the traffic that is not matching any of the rules you created, enable logging on the interzone-default rule:
    1. Select the interzone-default row in the rulebase and click Override to enable editing on this rule.
    2. Select the interzone-default rule name to open the rule for editing.
    3. On the Actions tab, select Log at Session End and click OK.
    4. Create a custom report to monitor traffic that hits this rule.
      1. Select MonitorManage Custom Reports.
      2. Add a report and give it a descriptive Name.
      3. Set the Database to Traffic Summary.
      4. Select the Scheduled check box.
      5. Add the following to the Selected Columns list: Rule, Application, Bytes, Sessions.
      6. Set the desired Time Frame, Sort By and Group By fields.
      7. Define the query to match traffic hitting the interzone-default rule:
        (rule eq 'interzone-default')
    5. Commit the changes you made to the rulebase.

    Related Documentation

    Log Data Center Traffic that Matches No Interzone Rules

    By default, the firewall denies traffic between data center zones (interzone traffic) that matches no Security policy allow rule. Log and examine this traffic to ...

    Remove the Temporary Rules

    Remove the Temporary Rules After several months of monitoring your initial internet gateway best practice security policy, you should see less and traffic hitting the ...

    Create Data Center Traffic Block Rules

    Block traffic you know you don’t want in your data center and use block rules to discover unknown applications and users. ...

    Follow Post-Deployment Data Center Best Practices

    This checklist shows you how to monitor and maintain your best practice data center deployment to keep your network safe as applications and circumstances evolve. ...

    Monitor and Fine Tune the Policy Rulebase

    Monitor and Fine Tune the Policy Rulebase A best practice security policy is iterative. It is a tool for safely enabling applications, users, and content ...

    Log Intra Data Center Traffic That Matches the Intrazone Al...

    Data centers are a good place for attackers to hide because security often focuses on users and overlooks servers. Log east-west traffic between servers and ...

    Monitor Data Center Block Rules and Tune the Rulebase

    Monitor traffic that you explicitly block so that you can investigate potential attacks and evaluate whether you should allow any of the blocked traffic. ...

    Define the Initial Internet Gateway Security Policy

    Define the Initial Internet Gateway Security Policy The overall goal of a best practice internet gateway security policy is to use positive enforcement of whitelist ...

    Step 4: Create the Temporary Tuning Rules

    Step 4: Create the Temporary Tuning Rules The temporary tuning rules are explicitly designed to help you monitor the initial best practice rulebase for gaps ...

    Security Policy

    Security Policy Security policy protects network assets from threats and disruptions and aids in optimally allocating network resources for enhancing productivity and efficiency in business ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo