Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules
Internet gateway traffic that flows between zones and that doesn't match the rules you defined
matches the predefined interzone-default rule at the bottom of the rulebase and is
denied. (The predefined intrazone-default allow rule matches traffic within the same
zone by default; only traffic between different zones is denied by default.) To gain
visibility into the traffic that doesn't match the allow and block rules you
created, enable logging on the interzone-default rule:
- Select the row with the interzone-default rule in the rulebase and Override the rule to edit it.
- Select the interzone-default rule name to open the rule for editing.
- On the Actions tab, select Log at Session End and then click OK.

To view the log information in one place, create a custom report to monitor traffic that matches the interzone-default rule:
- Select Monitor > Manage Custom Reports.
- Add a report and give it a Name that describes the content and purpose of the report.
- Set the Database to Traffic Summary.
- Select the Scheduled check box.
- Set the Time Frame to specify the time period each report covers, set Sort By to sort the information by bytes, sessions, packets, or threats, and set Group By to determine how the information is grouped (by time, application, risk, etc.).
- Add Rule, Application, Bytes, and Sessions to the Selected Columns list.
- Define the query to match traffic that matches the interzone-default rule:
  (rule eq 'interzone-default')
- Commit the changes you made to the rulebase.
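As an added example (not from the original page or from Palo Alto Networks), the following Python script reproduces what the custom report above shows, over a constructed export of traffic logs: it keeps only sessions that matched interzone-default and totals bytes and sessions per application, sorted by bytes. The column names and the CSV layout are assumptions made for the example, not the firewall's actual log export format.

```python
"""Summarize traffic that hit the interzone-default rule, the way the custom
report described above does (columns Rule, Application, Bytes, Sessions,
grouped by application and sorted by bytes)."""
import csv
import io
from collections import defaultdict

# Constructed sample export of traffic logs. The column set is a simplified
# assumption for this example, not the firewall's real export format.
SAMPLE_TRAFFIC_LOG = """\
receive_time,rule,app,src,dst,dport,bytes,action
2024/01/10 08:00:01,allow-web,web-browsing,10.1.1.5,93.184.216.34,443,40210,allow
2024/01/10 08:00:02,interzone-default,ssl,10.1.1.7,198.51.100.20,8443,5120,deny
2024/01/10 08:00:03,interzone-default,ssl,10.1.1.9,198.51.100.21,8443,3072,deny
2024/01/10 08:00:04,interzone-default,unknown-tcp,10.1.1.7,203.0.113.5,6667,1024,deny
2024/01/10 08:00:05,allow-dns,dns,10.1.1.5,10.1.0.2,53,512,allow
2024/01/10 08:00:06,interzone-default,bittorrent,10.1.1.12,203.0.113.9,6881,9000,deny
"""


def summarize_rule_hits(log_text, rule="interzone-default"):
    """Return [(rule, app, bytes, sessions), ...] for the sessions that matched
    `rule`, grouped by application and sorted by bytes, largest first.
    This is the offline equivalent of the report query (rule eq 'interzone-default')."""
    totals = defaultdict(lambda: [0, 0])  # app -> [total bytes, session count]
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["rule"] != rule:
            continue  # the report only covers traffic that fell through to the default rule
        totals[row["app"]][0] += int(row["bytes"])
        totals[row["app"]][1] += 1
    return sorted(
        ((rule, app, nbytes, sessions) for app, (nbytes, sessions) in totals.items()),
        key=lambda r: r[2],
        reverse=True,
    )


if __name__ == "__main__":
    # Applications showing up here are candidates for a new allow rule or a
    # targeted block rule, which is the point of logging the default deny.
    print(f"{'Rule':<18} {'Application':<14} {'Bytes':>8} {'Sessions':>8}")
    for rule_name, app, nbytes, sessions in summarize_rule_hits(SAMPLE_TRAFFIC_LOG):
        print(f"{rule_name:<18} {app:<14} {nbytes:>8} {sessions:>8}")
```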