: Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules
Focus
Focus

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Table of Contents

Step 5: Enable Logging for Traffic That Doesn’t Match Any Rules

Internet gateway traffic that flows between zones and that doesn't match the rules you defined matches the predefined interzone-default rule at the bottom of the rulebase and is denied. (The predefined intrazone-default allow rule matches traffic within the same zone by default; only traffic between different zones is denied by default.) To gain visibility into the traffic that doesn't match the allow and block rules you created, enable logging on the interzone-default rule:
  1. Select the row with the interzone-default rule in the rulebase and
    Override
    the rule to edit it.
  2. Select the
    interzone-default
    rule name to open the rule for editing.
  3. On the
    Actions
    tab, select
    Log at Session End
    and then click
    OK
    .
  4. To view the log information in one place, create a custom report to monitor traffic that matches the
    interzone-default
    rule:
    1. Select
      Monitor
      Manage Custom Reports
      .
    2. Add
      a report and give it a
      Name
      that describes the content and purpose of the report.
    3. Set the
      Database
      to
      Traffic Summary
      .
    4. Select the
      Scheduled
      check box.
    5. Set the
      Time Frame
      to specify the time period each report covers, set
      Sort By
      to sort the information by bytes, sessions, packets, or threats, and set
      Group By
      to determine how the information is grouped (by time, application, risk, etc.).
    6. Add
      Rule
      ,
      Application
      ,
      Bytes
      , and
      Sessions
      to the Selected Columns list.
    7. Define the query to match traffic that matches the
      interzone-default
      rule:
      (rule eq 'interzone-default')
  5. Commit
    the changes you made to the rulebase.

Recommended For You