Hi Suraj
Definitely something interesting is going on here. So let's say I ssh to <ext ip> port 6543 (which leads nowhere):
root@srx210> show security policies hit-count
Logical system: root-logical-system
Index  From zone  To zone   Name                   Policy count
1      global     global    default-deny           0
2      Internal   Internet  All_Internal_Internet  34082
Now, I do have a NAT rule for port 2222, which is deactivated. Let's try to ssh to it:
1      global     global    default-deny           5      <--- Getting some hits
root@srx210> show log traffic-log
Aug 19 08:22:47 srx210 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.168.1.31/63521->1.1.1.1/2222 None 6(0) default-deny(global) Internet Internal UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 UNKNOWN policy deny
Aug 19 08:22:48 srx210 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.168.1.31/63521->1.1.1.1/2222 None 6(0) default-deny(global) Internet Internal UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 UNKNOWN policy deny
Now if I ssh again, but change the port to 9876 (any random number), nothing shows up. Am I wrong to assume this *should* be capturing failed attempts?
ssh or telnet to a closed port should reach that deny-all rule, thus getting logged, no?
*confused*
Any help much appreciated
Thanks
***edited to put 1.1.1.1 as external IP
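Added example, not code from the post or from Juniper: a parser for the RT_FLOW_SESSION_DENY lines quoted above that counts denies per policy (comparable to the hit-count table) and lists the probed ports that never produced a deny log, which is exactly the gap the post describes. The field names after "session denied" are my assumption from the sample lines, and the probed ports are the ones mentioned in the post.

```python
import re
from collections import Counter

# Constructed sample: the two RT_FLOW_SESSION_DENY lines quoted in the post
# (1.1.1.1 is the external address the poster substituted).
SAMPLE_LOG = """\
Aug 19 08:22:47 srx210 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.168.1.31/63521->1.1.1.1/2222 None 6(0) default-deny(global) Internet Internal UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 UNKNOWN policy deny
Aug 19 08:22:48 srx210 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 192.168.1.31/63521->1.1.1.1/2222 None 6(0) default-deny(global) Internet Internal UNKNOWN UNKNOWN N/A(N/A) ge-0/0/1.0 UNKNOWN policy deny
"""

# Assumed field order after "session denied", read off the sample lines:
# src/sport->dst/dport service proto(icmp-type) policy(context) from-zone to-zone ...
DENY_RE = re.compile(
    r"RT_FLOW_SESSION_DENY: session denied "
    r"(?P<src>[\d.]+)/(?P<sport>\d+)->(?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) (?P<proto>\d+)\(\d+\) "
    r"(?P<policy>[^\s(]+)\((?P<context>[^)]+)\) "
    r"(?P<from_zone>\S+) (?P<to_zone>\S+)"
)

def parse_denies(log_text):
    """Return one dict per RT_FLOW_SESSION_DENY line; other log lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m:
            d = m.groupdict()
            for k in ("sport", "dport", "proto"):
                d[k] = int(d[k])
            events.append(d)
    return events

def denies_per_policy(events):
    """Count denies per policy, comparable to 'show security policies hit-count'."""
    return Counter(f"{e['policy']}({e['context']})" for e in events)

def unlogged_probes(events, dst, probed_ports):
    """Ports probed against dst that produced no deny log at all.
    A non-empty result is the gap the post describes: traffic expected to hit
    default-deny that left no trace in the traffic log."""
    seen = {e["dport"] for e in events if e["dst"] == dst}
    return sorted(p for p in probed_ports if p not in seen)

if __name__ == "__main__":
    evs = parse_denies(SAMPLE_LOG)
    print(denies_per_policy(evs))
    print("no deny logged for ports:", unlogged_probes(evs, "1.1.1.1", [2222, 6543, 9876]))
```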