JUNIPER DUMP‎ > ‎

Juniper Default Logging

posted 6 Aug 2017, 06:37 by Donald Ross
set groups DENY-TEMPLATE security policies from-zone <*> to-zone <*> policy DEFAULT-DENY-ALL match source-address any
set groups DENY-TEMPLATE security policies from-zone <*> to-zone <*> policy DEFAULT-DENY-ALL match destination-address any
set groups DENY-TEMPLATE security policies from-zone <*> to-zone <*> policy DEFAULT-DENY-ALL match application any
set groups DENY-TEMPLATE security policies from-zone <*> to-zone <*> policy DEFAULT-DENY-ALL then deny
set groups DENY-TEMPLATE security policies from-zone <*> to-zone <*> policy DEFAULT-DENY-ALL then log session-init

set groups GLOBAL-LOGGING security policies from-zone <*> to-zone <*> policy <*> then log session-init
set groups GLOBAL-LOGGING security policies from-zone <*> to-zone <*> policy <*> then log session-close
set groups GLOBAL-LOGGING security policies from-zone <*> to-zone <*> policy <*> then count

set apply-groups DENY-TEMPLATE

set apply-groups GLOBAL-LOGGING

show | display inheritance

show configuration groups junos-defaults applications 
Comments