[nn] Logging 'deny all' and forcing policy to bottom

To:	"Netscreen Mailing List" <nn@qorbit.net>
Subject:	[nn] Logging 'deny all' and forcing policy to bottom
From:	Joe Loiacono <jloiacon@csc.com>
Date:	Tue, 12 Dec 2006 09:17:50 -0500
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	ns-list2@consult.net
Delivered-to:	nn@qorbit.net
In-reply-to:	<OF69238DD7.6C1057C1-ON85257241.00784A44-85257241.007888D5@csc.com>
List-archive:	<http://www.qorbit.net/nn>
List-help:	<mailto:nn-request@qorbit.net?subject=help>
List-id:	"Netscreen mailing list for netscreen admins." <nn.qorbit.net>
List-post:	<mailto:nn@qorbit.net>
List-subscribe:	<http://qorbit.net/mailman/listinfo/nn>, <mailto:nn-request@qorbit.net?subject=subscribe>
List-unsubscribe:	<http://qorbit.net/mailman/listinfo/nn>, <mailto:nn-request@qorbit.net?subject=unsubscribe>
Sender:	nn-bounces@qorbit.net

The only way to log traffic that gets caught by the 'deny all' implicit rule, is to make it an explicit rule with the 'log' option. However, once you do this, you must reorder your policies every time you add a new one to force the explicit 'deny all' to the bottom of the list.

The KB says it can't be done, but I thought I had seen someone show how to force this to the bottom in an earlier list email, but I can't find it now. :-(

Anyone know how to do this?

Thanks,

Joe

Joe Loiacono/CIV/CSC@CSC
Sent by: nn-bounces@qorbit.net

12/11/2006 04:51 PM

To	"Netscreen Mailing List" <nn@qorbit.net>
cc
Subject	[nn] NS25 crashes on license upgrade

Had a NetScreen 25 crash during an upgrade of license keys from Basic to Advanced. Has this happened to anyone before? KB has nothing.

Thanks,

Joe_______________________________________________ nn mailing list nn@qorbit.net http://qorbit.net/mailman/listinfo/nn

_______________________________________________
nn mailing list
nn@qorbit.net
http://qorbit.net/mailman/listinfo/nn

<Prev in Thread]	Current Thread	[Next in Thread>
[nn] Can't add 101st MIP..., Binand Sethumadhavan Re: [nn] Can't add 101st MIP..., Ernest Lau [nn] NS25 crashes on license upgrade, Joe Loiacono Re: [nn] NS25 crashes on license upgrade, Jost Menke [nn] Logging 'deny all' and forcing policy to bottom, Joe Loiacono <= Re: [nn] Logging 'deny all' and forcing policy to bottom, dh Re: [nn] Logging 'deny all' and forcing policy to bottom, Joe Loiacono

Previous by Date:	Re: [nn] NS25 crashes on license upgrade, Jost Menke
Next by Date:	[nn] creating a tunnel betwwen ns 5gt and a cisco router, damola
Previous by Thread:	Re: [nn] NS25 crashes on license upgrade, Jost Menke
Next by Thread:	Re: [nn] Logging 'deny all' and forcing policy to bottom, dh
Indexes:	[Date] [Thread] [Top] [All Lists]