Configuring Juniper Devices


    Firewall Analyzer supports the following Juniper devices.

    Configuring to send Syslog Messages from SRX device

     Using J-Web

    1. Log in to the Juniper SRX device.
    2. Click Configure > CLI Tools > Point and Click CLI in the Juniper SRX device.
    3. Expand System and click Syslog.
    4. In the Syslog page, click Add New Entry placed next to 'Host'.
    5. Enter the IP address of the remote Syslog server (i.e., Firewall Analyzer).
    6. Click Apply to save the configuration.

    Using CLI

    1. Log in to the Juniper SRX device CLI console.
    2. Execute the following command:
    user@host#  set system syslog host <IP address of the remote Syslog server (i.e., Firewall Analyzer)> any any

     

    To enable logging for Security policy:

    Using J-Web

    • Select Configure > Security > Policy > FW Policies.
    • Click on the policy for which you would like to enable logging.
    • Navigate to Logging/Count and in Log Options, select Log at Session Close Time.

    Using CLI

    1. Log in to the Juniper SRX device CLI console.
    2. Execute the following command:

    user@host# set security policies from-zone trust to-zone untrust policy permit-all then log session-close

     

    Juniper Networks IDP Device (version IDP 50)

     Configuring to send Syslog Messages directly from Sensor

    1. Log in to the Juniper Networks IDP device.
    2. Click Device > Report Settings > Enable Syslog in the Juniper Networks IDP device.
    3. Select the Enable Syslog Messages check box.
    4. Click Apply to save the changes.

    This configuration will generate syslogs for:

    • All attacks
    • Policy load
    • Restart

    This configuration will not provide:

    • Profiler logs
    • Device connect/disconnect logs
    • Interface UP/DOWN logs
    • Logs for Bypass State Changes 

    Configuring to send Syslog Messages from NSM 

    1. Log in to NSM.
    2. Click Action Manager > Action Parameters > Define a Syslog Server in the NSM.
    3. Click Action Manager > Device Log Action Criteria > Category in the NSM.
    4. Select Category = all and Actions = syslog enable
    5. Click Apply to save the changes.

    This configuration will generate syslogs for:

    • All attacks
    • Policy load
    • Restart
    • Profiler logs
    • Device connect/disconnect logs

    This configuration will not provide:

    • Interface UP/DOWN logs
    • Logs for Bypass State Changes

     

    Refer the Juniper firewall analyzer feature page to know more about how Firewall analyzer addresses the Juniper firewall requirements.