topic Re: Default track option set to 'Log' for a new rule in Firewall and Security Management

Default track option set to 'Log' for a new rule

Martijn — Mon, 18 Mar 2019 08:52:49 GMT

Hi all,

Is it possible to set the Track option for every new rule to 'Log' instead of 'None'?

We have a customer that would like to have this option because he logs every rule.

Regards,

Martijn.

Re: Default track option set to 'Log' for a new rule

Jerry — Mon, 18 Mar 2019 09:10:57 GMT

Martijn

when new rule is made by default "none" is applied but changing it manually to LOG isn't a big deal isn't it? When you script (API) new rule(s) creation then obviously you can set automatically to have new rules with "LOG" by default (see API on ATRG - search community or SK DB!) other than than I think "MANUAL" new rule creation will always be (IMHO) with NONE. As far as I know this has been always (since 20-25y) the case if I'm not mistaken ...

Re: Default track option set to 'Log' for a new rule

Martijn — Mon, 18 Mar 2019 10:32:55 GMT

Hi,

It is not up to me to decide for the customer it is not a big deal changing the Track option.

The security policy (written and technical) is very strict for this customer. Every action on the network and systems must be logged. So to make is fool-proof, it would be nice if the default Track action was set to 'Log'.

I will tell the customer API is a way to do it, but from SmartConsole it is not yet an option.

Martijn.

Re: Default track option set to 'Log' for a new rule

Danny — Thu, 24 Nov 2022 06:36:29 GMT

It is. Just enable it within Reporting Tools of your Global Properties.

Re: Default track option set to 'Log' for a new rule

Martijn — Mon, 18 Mar 2019 13:49:49 GMT

Hi,

I have tried this, but I cannot select my log server (which is the SmartCenter).

Only unused log servers are available. Not sure what that means.

I am missing something?

Regards,

Martijn

Re: Default track option set to 'Log' for a new rule

PhoneBoy — Mon, 18 Mar 2019 18:28:44 GMT

Might be worth a TAC case to ask.

Re: Default track option set to 'Log' for a new rule

Wolfgang — Mon, 18 Mar 2019 19:46:41 GMT

You need another logserver then your actual one. If you look at Dannie’s screenshot you‘ll see the small enhancement.

“you have to choose another logserver then the actual one“. Meaning you need more then one logserver to get this working.

if you have only the one on your smartcenter you need a second one.

Re: Default track option set to 'Log' for a new rule

Wolfgang — Mon, 18 Mar 2019 19:59:30 GMT

We had a customer with similar requirements and some more pre defined values.

we created some rules with pre filled settings, like log, install target, description and part of the name. This rule is disabled and placed as first rule in different sections of the rulebase.

Now you can copy and paste this rule and start a new rule with predefined values. It‘s simple, not the best solution but very helpful.

Re: Default track option set to 'Log' for a new rule

Hugo_vd_Kooij — Mon, 18 Mar 2019 20:16:09 GMT

Interresting workaround.

Re: Default track option set to 'Log' for a new rule

Hugo_vd_Kooij — Mon, 18 Mar 2019 20:17:30 GMT

There is a dirty trick that may make this work.

Create a dummy log server object with the IP of the SmartCenter.

Totaly untested ....... but worth a shot.

Re: Default track option set to 'Log' for a new rule

JozkoMrkvicka — Mon, 18 Mar 2019 20:46:51 GMT

Another dirty workaround:

Check via API all rules which doesnt have logging set, change it and push the firewall.

Re: Default track option set to 'Log' for a new rule

Martijn — Wed, 27 Mar 2019 14:11:25 GMT

Did try this, but doe not work.

In my SmartCenter I get the log "Stopped Logging" one I ad a new object with the same IP as the SmartCenter an push a policy.

Re: Default track option set to 'Log' for a new rule

Itall — Wed, 24 May 2023 12:36:08 GMT

It is a very big deal if you have day where are too many changes on firewall. Default logging behavior should be optional as is setting the default source/destination behavior. With API this easy, but not all companyes working with API.