SV-214521r557389_rule
V-214521
SRG-NET-000333-ALG-000049
JUSX-AG-000057
CAT II
10
Logging for security-related sources such as screens and security policies must be configured separately.
The following example specifies that security log messages in structured-data format (syslog format) are sent from the source <MGT IP address> (e.g., the SRX's loopback or other interface IP address) to an external syslog server.
[edit]
set security log cache
set security log format syslog
set security log source-address <MGT IP Address>
set security log stream <stream name> host <syslog server IP Address>
To get traffic logs from permitted sessions, add "then log session-close" to the policy.
To get traffic logs from denied sessions, add "then log session-init" to the policy.
Enable Logging on Security Policies:
[edit]
set security policies from-zone <zone-name> to-zone <zone-name> policy <policy-name> then log <event>
Example to log session init and session close events:
set security policies from-zone trust to-zone untrust policy default-permit then log session-init
set security policies from-zone trust to-zone untrust policy default-permit then log session-close
To verify that traffic logs are being sent to the syslog server, check the syslog server files.
If traffic logs are not being sent to the syslog server, this is a finding.
False
M
4004