Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Configuring Juniper Firewall

Owned by Customer Success & Engineering
Last updated: Jan 16, 2023
3 min read

Overview

In this document we are guiding with the steps to ingest Juniper Firewall SRX series with Seceon SIEM to have a Comprehensive visibility and Proactive Threat Detection in your Environment.

Configuring to send Syslog Messages

Using J-Web

  1. Log in to the Juniper SRX device.

  2. Click Configure > CLI Tools > Point and Click CLI in the Juniper SRX device.

  3. Expand System and click Syslog.

  4. In the Syslog page, click Add New Entry placed next to 'Host'.

  5. Enter the IP address of the remote Syslog server (CCE server IP) (i.e., Firewall Analyzer).

  6. Click Apply to save the configuration.

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host#  set system syslog host <IP address of the remote Syslog server (i.e., Firewall Analyzer)> any any

To enable logging for Security policy:

Using J-Web

  • Select Configure > Security > Policy > FW Policies.

  • Click on the policy for which you would like to enable logging.

  • Navigate to Logging/Count and in Log Options, select Log at Session Close Time.

Using CLI

  1. Log in to the Juniper SRX device CLI console.

  2. Execute the following command:

user@host# set security policies from-zone trust to-zone untrust policy permit-all then log session-close

Juniper Networks IDP Device (version IDP 50)

Configuring to send Syslog Messages directly from Sensor

  1. Log in to the Juniper Networks IDP device.

  2. Click Device > Report Settings > Enable Syslog in the Juniper Networks IDP device.

  3. Select the Enable Syslog Messages check box.

  4. Click Apply to save the changes.

This configuration will generate syslogs for:

  • All attacks

  • Policy load

  • Restart

This configuration will not provide:

  • Profiler logs

  • Device connect/disconnect logs

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes 

Configuring to send Syslog Messages from NSM 

  1. Log in to NSM.

  2. Click Action Manager > Action Parameters > Define a Syslog Server in the NSM.

  3. Click Action Manager > Device Log Action Criteria > Category in the NSM.

  4. Select Category = all and Actions = syslog enable

  5. Click Apply to save the changes.

This configuration will generate syslogs for:

  • All attacks

  • Policy load

  • Restart

  • Profiler logs

  • Device connect/disconnect logs

This configuration will not provide:

  • Interface UP/DOWN logs

  • Logs for Bypass State Changes

 Verification

STEP1: Login to UI >> SYSTEM>> LOGS AND FLOWS COLLECTION STATUS .

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS .

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

Seceon Inc. All rights reserved. https://www.seceon.com