Solved

clean-up rule netscreen firewall

Posted on 2016-11-15
3
101 Views
Last Modified: 2016-11-22
Hello everyone.
I'm still looking for your precious help on writing a best practice on "hardening netscreen firewalls".
My supervisor is asking me to write down something about cleanup rules, so could you please tell me if the following is correct or how I can improve it.
Thank you


Firewall administrators implement the cleanup rule in order to log the traffic which is being dropped.
The logs produced by the cleanup rule are normally used to perform troubleshooting activities or can then be fed into event analysis systems like a SIEM to improve visibility into network activity.

A cleanup rule should be placed at the end of the zone-to-zone policy list:
ns-> set policy id 100 name "Clean-up Rule" from "ZONE-A" to "ZONE-B"  "Any" "Any" "ANY" deny log 
ns-> set policy id 100

Question by:carlettus
3 Comments
 
LVL 18

Accepted Solution

by:
Sanga Collins earned 400 total points
ID: 41887889
This is the correct rule

ns-> set policy id 100 name "Clean-up Rule" from "GLOBAL" to "GLOBAL"  "Any" "Any" "ANY" deny log
ns-> set policy id 100

Global - global allows you to log all traffic that does not match an existing security policy. It is the first policy I add after trust to untrust.
 
LVL 27

Assisted Solution

by:skullnobrains
skullnobrains earned 100 total points
ID: 41888179
so-called "cleanup rules" are rather useless unless
- a huge deal of traffic is NOT logged, because nobody cares about robots checking for open smtp, ftp, ssh or whatever, since you basically cannot do anything to prevent random scans, and they will produce so much output that they will hide useful stuff
- someone actually analyses the logs (and the previous is mandatory in order to achieve that goal)

most of what is interesting to monitor will be internal traffic, because you know precisely what to expect, and anything that is not expected needs to be dealt with.

this is not specific to netscreen.
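Two points in this thread fit together: the question says the cleanup rule's logs are fed into a SIEM, and skullnobrains warns that Internet-side scan noise buries the internal denies that actually matter. The following is an added Python example, not code from the thread or from Juniper/NetScreen, that triages deny-log records from a cleanup rule: hits coming from the Internet-facing zone are only counted per destination port, while denies that originate in internal zones are listed in full for follow-up. The log lines are constructed and only loosely modelled on ScreenOS traffic-log syslog output; the field names, the zone names and the policy id 100 of the cleanup rule are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in a ScreenOS-style key=value traffic-log format.
# Field names, zone names and the cleanup policy id are assumptions.
SAMPLE_LOGS = """\
device_id=ns-fw [Root]system-notification-00257(traffic): start_time="2016-11-15 10:01:02" policy_id=100 service=tcp/port:22 proto=6 src zone=Untrust dst zone=Trust action=Deny src=203.0.113.10 dst=192.0.2.5 src_port=40001 dst_port=22
device_id=ns-fw [Root]system-notification-00257(traffic): start_time="2016-11-15 10:01:03" policy_id=100 service=tcp/port:25 proto=6 src zone=Untrust dst zone=Trust action=Deny src=203.0.113.11 dst=192.0.2.5 src_port=40002 dst_port=25
device_id=ns-fw [Root]system-notification-00257(traffic): start_time="2016-11-15 10:02:10" policy_id=100 service=tcp/port:445 proto=6 src zone=Trust dst zone=DMZ action=Deny src=10.1.1.20 dst=10.2.2.30 src_port=50001 dst_port=445
device_id=ns-fw [Root]system-notification-00257(traffic): start_time="2016-11-15 10:02:11" policy_id=100 service=tcp/port:3389 proto=6 src zone=DMZ dst zone=Trust action=Deny src=10.2.2.30 dst=10.1.1.40 src_port=50002 dst_port=3389
device_id=ns-fw [Root]system-notification-00257(traffic): start_time="2016-11-15 10:03:00" policy_id=10 service=tcp/port:443 proto=6 src zone=Trust dst zone=Untrust action=Permit src=10.1.1.20 dst=198.51.100.7 src_port=50003 dst_port=443
"""

# Keys may contain one space ("src zone"); values may be quoted.
FIELD_RE = re.compile(r'(src zone|dst zone|\w+)=("[^"]*"|\S+)')
CLEANUP_POLICY_IDS = {"100"}   # assumed id of the deny/log cleanup rule
INTERNET_ZONES = {"Untrust"}   # assumed Internet-facing zone(s)


def parse_line(line):
    """Turn one key=value log line into a dict; None if it is not a traffic record."""
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if "action" not in fields or "policy_id" not in fields:
        return None
    return fields


def classify(rec):
    """Label a record as permitted, other-deny, external-noise or internal-deny."""
    if rec["action"] != "Deny":
        return "permitted"
    if rec["policy_id"] not in CLEANUP_POLICY_IDS:
        return "other-deny"
    if rec.get("src zone") in INTERNET_ZONES:
        return "external-noise"
    return "internal-deny"


def triage(text):
    """Aggregate Internet-side cleanup hits per port; list internal denies in full."""
    summary = {"parsed": 0, "labels": Counter(),
               "noise_by_port": Counter(), "internal": []}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        summary["parsed"] += 1
        label = classify(rec)
        summary["labels"][label] += 1
        if label == "external-noise":
            summary["noise_by_port"][rec["dst_port"]] += 1
        elif label == "internal-deny":
            summary["internal"].append(
                f'{rec["start_time"]} {rec["src zone"]}->{rec["dst zone"]} '
                f'{rec["src"]}:{rec["src_port"]} -> {rec["dst"]}:{rec["dst_port"]} '
                f'({rec["service"]})')
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_LOGS)
    print("records parsed:", result["parsed"])
    print("Internet-side noise, hits per destination port:",
          dict(result["noise_by_port"]))
    print("internal denies to investigate:")
    for item in result["internal"]:
        print("  ", item)
```

The split between `external-noise` and `internal-deny` is the whole point: the Untrust hits are not discarded, but they are reduced to a per-port count that can be charted or thresholded, while a Trust-to-DMZ or DMZ-to-Trust deny from the cleanup rule is something the administrator can explain or must act on, so it is surfaced line by line.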
 

Author Closing Comment

by:carlettus
ID: 41897552
Thank you
Carletus
