Focus

Internet Gateway Best Practice Security Policy

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Table of Contents

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Internet gateway traffic that doesn't match the rules you defined matches the predefined interzone-default rule at the bottom of the rulebase and is denied. For visibility into the traffic that doesn't match the rules you created, enable logging on the interzone-default rule:

Select the interzone-default rule's row in the rulebase and

Override

the rule to edit it.

Select the

interzone-default

rule name to open the rule for editing.

On the

Actions

tab, select

Log at Session End

and click

Create a custom report to monitor traffic that matches the rule:

Select

Monitor

Manage Custom Reports

Add

a report and give it a descriptive

Name

Set the

Database

Traffic Summary

Select the

Scheduled

check box.

Add

Rule

Application

Bytes

Sessions

to the Selected Columns list.

Set the desired

Time Frame

Sort By

, and

Group By

fields.

Define the query to match traffic that matches the interzone-default rule:

(rule eq 'interzone-default')

Commit

the changes you made to the rulebase.

Step 4: Create the Temporary Tuning Rules

Monitor and Fine-Tune the Policy Rulebase

Internet Gateway Best Practice Security Policy

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Recommended For You