Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  How can we monitor and access firewall related logs?

    Posted 12-06-2023 08:05

    Hi, I'm working on an integration for which I have the following queries. I would really appreciate it if someone could help me answer them:
        1.    I am looking for firewall details in the Juniper vSRX website documentation, but I could not locate them anywhere.
        2.    Could someone confirm whether Juniper vSRX captures the firewall logs? If yes, is there any web API we can use to fetch these details? It would also be nice if anyone could guide us on how to set up this API.


    Thank you 
    Jai Kishan 



    ------------------------------
    JAI KISHAN
    ------------------------------


  • 2.  RE: How can we monitor and access firewall related logs?

    Posted 12-08-2023 01:30

    Hi Jai,

    If you are using Security Director, it will automatically create these for you when you enable logging under your Unified/Standard Security Policies.

    On an SRX not managed by Security Director, this is done by configuring `log session-init | session-close` for each security policy you specify. These logs can be captured by the syslog daemon matching "RT_FLOW_SESSION", either in local files or forwarded to a syslog server.

    For more detailed documentation on this procedure, see https://supportportal.juniper.net/s/article/SRX-Getting-Started-Configure-Traffic-Logging-Security-Policy-Logs-for-SRX-Branch-Devices?language=en_US



    ------------------------------
    GAVIN WHITE
    ------------------------------
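
An added example (not part of the thread, and not Juniper's code) of what an integration can do once the "RT_FLOW_SESSION" messages described in the reply above reach a syslog server: it picks those lines out of a mixed feed and joins each session-init event with its session-close event. The sample lines are constructed, and the structured-data layout, the SD-ID and the field names (`session-id-32`, `bytes-from-client` and so on) are assumptions to check against what your own device emits.

```python
import re

# Constructed sample lines, not captured from a device. They assume the SRX
# sends structured-data syslog; field names and the SD-ID are assumptions.
SAMPLE_LINES = [
    '<14>1 2023-12-08T01:30:01.120Z vsrx1 RT_FLOW - RT_FLOW_SESSION_CREATE '
    '[junos@2636.1.1.1.2.129 source-address="10.0.0.5" '
    'destination-address="203.0.113.10" destination-port="443" '
    'policy-name="allow-web" session-id-32="4101"]',
    '<14>1 2023-12-08T01:30:09.480Z vsrx1 RT_FLOW - RT_FLOW_SESSION_CLOSE '
    '[junos@2636.1.1.1.2.129 reason="TCP FIN" source-address="10.0.0.5" '
    'destination-address="203.0.113.10" destination-port="443" '
    'policy-name="allow-web" bytes-from-client="1840" '
    'bytes-from-server="9211" session-id-32="4101"]',
    '<38>1 2023-12-08T01:30:10.000Z vsrx1 sshd 2211 - - unrelated message',
]

EVENT_RE = re.compile(r'\b(RT_FLOW_SESSION_[A-Z_]+)\b')
PAIR_RE = re.compile(r'([\w-]+)="((?:[^"\\]|\\.)*)"')
KEEP = ("source-address", "destination-address", "destination-port",
        "policy-name", "reason")

def parse_flow_line(line):
    """Return a dict for an RT_FLOW_SESSION line, or None for other lines."""
    m = EVENT_RE.search(line)
    if not m:
        return None
    record = {"event": m.group(1)}
    record.update(PAIR_RE.findall(line[m.end():]))
    return record

def summarize_sessions(lines):
    """Join session-init and session-close events on session-id-32."""
    sessions = {}
    for line in lines:
        rec = parse_flow_line(line)
        if rec is None:
            continue
        entry = sessions.setdefault(rec.get("session-id-32", "unknown"),
                                    {"events": []})
        entry["events"].append(rec["event"])
        entry.update({k: rec[k] for k in KEEP if k in rec})
        if "bytes-from-client" in rec and "bytes-from-server" in rec:
            entry["bytes"] = (int(rec["bytes-from-client"])
                              + int(rec["bytes-from-server"]))
    return sessions

if __name__ == "__main__":
    for sid, info in summarize_sessions(SAMPLE_LINES).items():
        print(sid, info)
```

Session identifiers can be reused over time, so a long-running collector should also key on the timestamp or expire entries once the close event has been seen.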



  • 3.  RE: How can we monitor and access firewall related logs?

    Posted 12-12-2023 09:33

    Actually, we're not presently using the vSRX product. We're open to purchasing it if it aligns with our requirements, and we aim to do so as soon as possible.

    Before proceeding, we'd like to inquire about the availability of test credentials for vSRX firewall logs related API access or the possibility of obtaining a product evaluation license.

    Your assistance in resolving this matter would be highly appreciated.


    Could someone please provide insights, guidance, or support to help me successfully access the API? Your prompt response and assistance are invaluable.

    Thank you in advance for your help.



    ------------------------------
    JAI KISHAN
    ------------------------------



  • 4.  RE: How can we monitor and access firewall related logs?

    Posted 12-13-2023 13:31

    Hi Jai,

    On the SRX device we can configure both security / system logs to either log locally to a file or stream log locally or stream log to remote destinations.

    1. Configure security stream mode logging. You can configure this mode to send logs to a remote server.
    2. Configure security event mode logging. You can configure this mode as well to send logs to a remote server, but as this logging is processed from the control plane this would have an impact on the utilization of the SRX device. (Not recommended.)
    3. Configure security stream logging to a file on the SRX device.
    4. Configure stream mode logging to log all security log events locally.

    The link below will cover all the scenarios above.

    https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/system-logging-for-a-security-device.html

    Other resources:

    https://www.youtube.com/watch?v=tDkfCDAZOas

    https://supportportal.juniper.net/s/article/JSA-Junos-Space-SRX-How-to-forward-logs-from-an-SRX-device-to-an-external-syslog-server-like-JSA-Junos-Space?language=en_US



    ------------------------------
    Pradeep Hattiangadi
    ------------------------------



  • 5.  RE: How can we monitor and access firewall related logs?

    Posted 12-14-2023 10:42

    Hi Jai,

    Hope your queries are resolved.

    In addition to the details shared by Pradeep, please refer to the below link for all documentation related to vSRX :

    https://www.juniper.net/documentation/product/us/en/vsrx/

    Kindly let us know if you need more info.

    Rgds,

    Sai 



    ------------------------------
    Sai Prashanth Ramanathan
    ------------------------------