Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Logging the Dropped Packets Using Default Deny-all Option

The evaluated configuration device drops all IPv6 traffic by default. This topic describes how to log packets dropped by this default deny-all option.

  1. Before you begin, log in with your root account on a Junos OS device running Junos OS Release 22.2R1 and edit the configuration.


You can enter the configuration commands in any order and commit all the commands at once.

To log packets dropped by the default deny-all option:

  1. Configure a network security policy in a global context and specify the security policy match criteria.
  2. Specify the policy action to take when the packet matches the criteria.
  3. Configure the security policy to enable logs at the session initialization time.

This procedure might capture a very large amount of data until you have configured the other policies.

To permit all IPv6 traffic into an SRX Series Firewall, configure the device with flow-based forwarding mode. While the default policy in flow-based forwarding mode is still to drop all IPv6 traffic, you can now add rules to permit selected types of IPv6 traffic.