Jump to content
Updated Privacy Statement

LOG Action for excluded IPs in DROP Policy

Go to solution Solved by Rick Davis,

Recommended Posts

Hi folks,

I am currently working on a responder policy that triggers a “DROP”. Except for the countries that are defined by “.NOT” 


Now I would also like to attach a message action, but not for the requests that are dropped, but for those that are allowed.

Putting the message action directly into the responder policy is useless here, as it only takes effect when a DROP is triggered.

Now the question is, what is the best way to log when one of the IPs excluded from the DROP makes a call?


Link to comment
Share on other sites

  • Solution

You can use two policies on the same traffic using Goto Expressions.   Your first policy can conduct the logging (using a goto expression of NEXT) and the second policy will perform the Drop.   In this case, the order matters because a Drop action requires an END Goto expression.   
Be sure to remove your .NOT from the first policy since you want to log traffic which you intend to allow.




Reference: Evaluation order within a policy bank


  • Thanks 1
Link to comment
Share on other sites

Thank you for the quick reply. :) 

I just realized now that the NOOP policy does not apply if there is more than one exception in it 



Have I just made a mistake in my thinking?

Link to comment
Share on other sites

Posted (edited)

Oh I think I just realized it myself I put && instead of || in the policy 






Edited by nlffel439
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...