[ScreenOS] What does "policy id 320001" refer to?

Article ID: KB6389 KB Last Updated: 23 Apr 2013 Version: 4.0
Summary:
This article describes the meaning of the "policy id 320001" string in the self log of a security device.
Symptoms:
The self log file of a security device shows policy id 320001. What is the meaning of this message? 
Cause:

Solution:

The policy_id 320001 is pre-defined for self log traffic. This is traffic that is destined to the ScreenOS device but is not interesting traffic; therefore, the packet is dropped.

ScreenOS provides a self log to monitor and record all packets terminated at the security device. When the self log is enabled, traffic that is targeted to the device and denied is logged in the self log. Similar to the traffic log, the self log displays the date, time, source address/port, destination address/port, duration, and service for each dropped packet terminating at the security device. Self log entries typically have a source zone of Null and a destination zone of “self.”

Note: This feature is CPU intensive and under high traffic volume conditions can cause high CPU utilization.

To activate the self log, enable the Log Packets Terminated to Self option:

Using WebUI: Configuration > Report Settings > Log Settings
Using CLI: set firewall log-self

Example:

  • Apr 2 12:16:12 X.X.X.5 xxxxfwvn03: NetScreen device_id=xxxxfwvn03 system-information-39248: start_time="2003-04-02 12:16:16" duration=0 policy_id=320001 service=udp/port:1985 proto=17 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=X.X.X.3 dst=224.0.0.2 src_port=1985 dst_port=1985
  • Apr 2 12:16:12 X.X.X.5 xxxxfwvn03: NetScreen device_id=xxxxfwvn03 system-information-39248: start_time="2003-04-02 12:16:17" duration=0 policy_id=320001 service=udp/port:1985 proto=17 src zone=Null dst zone=self action=Deny sent=0 rcvd=48 src=X.X.X.2 dst=22
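
The following is an added example, not part of the original article or Juniper code: a small parser that picks self log denies (policy_id=320001) out of forwarded syslog lines and counts them per flow, so the noisiest senders of traffic terminating at the device stand out. The sample lines are constructed from the format shown above; the hostname fw01, the 192.0.2.x and 198.51.100.x addresses, and the policy_id=5 permit line are assumptions.

```python
import re
from collections import Counter

SELF_LOG_POLICY_ID = "320001"  # pre-defined self log policy id described in the article
REQUIRED = ("src", "dst", "proto", "dst_port")

# Constructed sample input modelled on the article's example; fw01 and the
# 192.0.2.x / 198.51.100.x addresses are placeholders, not values from the article.
HDR = ('Apr 2 12:16:12 192.0.2.5 fw01: NetScreen device_id=fw01 '
       'system-information-39248: start_time="2003-04-02 12:16:16" duration=0 ')
SELF = ('policy_id=320001 service=udp/port:1985 proto=17 src zone=Null '
        'dst zone=self action=Deny sent=0 rcvd=48 ')
SAMPLE_LINES = [
    HDR + SELF + 'src=192.0.2.3 dst=224.0.0.2 src_port=1985 dst_port=1985',
    HDR + SELF + 'src=192.0.2.3 dst=224.0.0.2 src_port=1985 dst_port=1985',
    HDR + SELF + 'src=192.0.2.2 dst=22',  # truncated line: ports are missing
    HDR + 'policy_id=5 service=http proto=6 src zone=Trust dst zone=Untrust '
          'action=Permit sent=420 rcvd=1300 src=192.0.2.9 dst=198.51.100.7 '
          'src_port=40112 dst_port=80',  # ordinary traffic log entry, not self log
]

# Keys are one word, or the two-word forms "src zone" / "dst zone"; values may be quoted.
FIELD_RE = re.compile(r'((?:src|dst) zone|\w+)=("[^"]*"|\S+)')

def parse_fields(line):
    """Return the key=value pairs of one log line; 'src zone' becomes 'src_zone'."""
    return {k.replace(" ", "_"): v.strip('"') for k, v in FIELD_RE.findall(line)}

def summarize(lines):
    """Count self log denies per (src, dst, proto, dst_port); tally truncated lines."""
    counts, truncated = Counter(), 0
    for line in lines:
        f = parse_fields(line)
        if f.get("policy_id") != SELF_LOG_POLICY_ID or f.get("action") != "Deny":
            continue  # not a self log deny
        if all(k in f for k in REQUIRED):
            counts[tuple(f[k] for k in REQUIRED)] += 1
        else:
            truncated += 1  # cut-off line: do not trust its partial values
    return counts, truncated

if __name__ == "__main__":
    counts, truncated = summarize(SAMPLE_LINES)
    for (src, dst, proto, port), n in counts.most_common():
        print(f"{n:4d}  {src} -> {dst} proto={proto} dst_port={port}")
    print(f"truncated self log lines skipped: {truncated}")
```
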

Global Policy id 320001 cannot be modified or deleted.

ssg350m-> get policy id 320001
name:"none" (id 320001), zone Null -> Null,action Deny, status "hidden"
src "N/A", dst "N/A", serv "ANY"
Rules on this VPN policy: 0
nat off, Web filtering : disabled
vpn unknown vpn, policy flag 00000000, session backup: on
traffic shaping off, scheduler n/a, serv flag 00
log no, log count 0, alert no, counter no(0) byte rate(sec/min) 0/0
total octets 0, counter(session/packet/octet) 0/0/0
priority 7, diffserv marking Off
tadapter: state off, gbw/mbw 0/0 policing (no)
No Authentication
No User, User Group or Group expression set
