Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Logging the Dropped Packets Using Default Deny-all Option

 

The evaluated configuration device drops all IPv6 traffic by default. This topic describes how to log packets dropped by this default deny-all option.

  • Before you begin, log in with your root account on a Junos OS device running Junos OS Release 20.4R1 and edit the configuration.

Note

You can enter the configuration commands in any order and commit all the commands at once.

To log packets dropped by the default deny-all option:

  1. Configure a network security policy in a global context and specify the security policy match criteria.
  2. Specify the policy action to take when the packet matches the criteria.
  3. Configure the security policy to enable logs at the session initialization time.
Note

This procedure might capture a very large amount of data until you have configured the other policies.

To permit all IPv6 traffic into an SRX Series device, configure the device with flow-based forwarding mode. While the default policy in flow-based forwarding mode is still to drop all IPv6 traffic, you can now add rules to permit selected types of IPv6 traffic.