Step 5: Enable Logging for Traffic that Doesn’t Match Any Rules

Traffic that does not match any of the rules you defined will match the predefined interzone-default rule at the bottom of the rulebase and be denied. For visibility into the traffic that is not matching any of the rules you created, enable logging on the interzone-default rule:
  1. Select the interzone-default row in the rulebase and click Override to enable editing on this rule.
  2. Select the interzone-default rule name to open the rule for editing.
  3. On the Actions tab, select Log at Session End and click OK.
  4. Create a custom report to monitor traffic that hits this rule.
    1. Select MonitorManage Custom Reports.
    2. Add a report and give it a descriptive Name.
    3. Set the Database to Traffic Summary.
    4. Select the Scheduled check box.
    5. Add the following to the Selected Columns list: Rule, Application, Bytes, Sessions.
    6. Set the desired Time Frame, Sort By and Group By fields.
    7. Define the query to match traffic hitting the interzone-default rule:
      (rule eq 'interzone-default')
  5. Commit the changes you made to the rulebase.

Related Documentation