ProxySG & Advanced Secure Gateway

  • 1.  Log traffic for single rule - ProxySG

    Posted Feb 02, 2023 04:59 PM
    Is there a way to log all traffic for a specific rule to see what source/dest are being used? I have a very broad permit rule for ANY destination and want to see what is actually hitting it. We do not have a reporter server.


  • 2.  RE: Log traffic for single rule - ProxySG

    Posted Feb 07, 2023 09:56 AM
    Hi,

    I am not sure if I have understood it correctly, but I think you should have a look at the policy coverage function.
    Depending on which ProxySG version you use, however, you must note that the counters are reset on reboot and re-installation of the policy.

    Regards


  • 3.  RE: Log traffic for single rule - ProxySG

    Posted Feb 10, 2023 05:28 PM

    I use Policy_ID for this with some other tricks, but much of this is #lessonslearned

    Good luck!

    AKH_BC



    ------------------------------
    Providing you Premier Partner support via Accredited Training, Professional Services, Consulting Services, Partner support for products with full staff of Broadcom Knights.
    Looking for support and want the top versed individuals to assist you? Email sales@braxtongrant.com and let's start a conversation on how we can make you successful. Award Winning North America Symantec Knight Partner of the Year for 2021.
    ~~##Groundbreaking Expert Advantage Partner using CA Automic Automation for Automated Policy Rule Implementation with BSG Symantec Products! Reach out and ask me how to get your demo with us on this One Of A Kind Integration!##~~
    ------------------------------



  • 4.  RE: Log traffic for single rule - ProxySG

    Posted Feb 23, 2023 08:26 AM

    Thanks AKH_BC. I see that Policy_ID is used in the TRACK column. As the rule I am curious about is getting a lot of hits (based on the coverage output), would I not inundate the proxy with log files? Wouldn't enabling Policy_ID on the Track column be the same as leaving a policy trace running 24/7?




  • 5.  RE: Log traffic for single rule - ProxySG

    Posted Feb 24, 2023 08:21 AM

    @JS_2022 :

    It depends on how you craft to use it, how you use it in combination with other layers in some creative policy construction.

    I can't tell you what I do with it (at a granular level) and give away what is part of our Professional Services offering (that would defeat the purpose of offering it if the work was given for free!), but there are ways to log fields in log files that are fields you would traditionally see in policy traces for SIEM tools to parse and report on.

    Please reach out, having worked with this product for 11 years myself, and extremely familiar with CPL due to that historical background, there are tricks that can be used that are not Best Practices per se, but also won't put you in jeopardy of NOT being supported by Technical Support when you call up either.

    Thanks,

    AKH_BC


