Configuration options for Juniper

Review configuration options for Juniper firewalls in RocketCyber

Reputation Lookup on connecting IPs	This will monitor traffic and inform you only of unexpected traffic or traffic coming from unusual locations (e.g. countries on the Enabled Countries list).
IDS/IPS detections	Monitors and reports malicious network based intrusion attacks on Firewall.
Login Authentication Failures	Monitors and reports suspicious Login (ftp, telnet, web, http) failures.
Administrative logins	Monitors and reports any Logins to firewall from users with administrative or root permissions.

Log Format

Expected format for Juniper Logs:

IDS Event: <19>Feb 3 03:30:05 SRX-2 RT_IDS: RT_SCREEN_ICMP: Large ICMP packet! ource:172.xxx.xxx.213, destination: 185.xxx.xx.76, zone name: manage, interface name: ge-0/0/0.0

IDP Event: <19>Dec 28 15:09:30 ankara RT_IDP: IDP_ATTACK_LOG_EVENT: IDP: at 1325084969, TRAFFIC Attack log <192.xxx.xxx.2/37731->212.xxx.xxx.78/443> for TCP protocol and service SERVICE_NONE application NONE by rule 1 of rulebase IPS in policy My_Policy. attack: repeat=0, action=TRAFFIC_IPACTION_DROP, threat-severity=INFO, name=_, NAT <172.xxx.xxx.219:42029->0.0.0.0:0>, time-elapsed=0, inbytes=0, outbytes=0, inpackets=0, outpackets=0, intf:lan:fe-0/0/1.0->wan:fe-0/0/0.0, packet-log-id: 0 and misc-message -

IP Traffic Event: <19>Dec 17 08:04:45 srx-firewall RT_FLOW: RT_FLOW_SESSION_CREATE: session created xx.xx.xx.xx/53836->xx.xx.xx.xx/22 junos-ssh xx.xx.xx.xx/53836->10.10.10.1/22 None None 6 log-host-traffic untrust junos-host 5 N/A(N/A) ge-0/0/1.0

Authorization Event: <19>Jun 15 02:46:39 srx-firewall mgd[8265]: FWAUTH_TELNET_USER_AUTH_FAIL: User 'tsmith' at 'xx.xx.xx.123' is rejected.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.