cancel
Showing results for 
Search instead for 
Did you mean: 

How to distinguish source IP vs destination IP in secure access events?

Highlighted
Not applicable

How to distinguish source IP vs destination IP in secure access events?

Juniper: 2016-01-23 01:18:47 - TSCMAGT01 - [67.185.10.114] .........................................................66Z&charset=ISO-8859-1&charset=ISO-8859-1 from 10.100.110.101 result=200 sent=151 received=327 in 0 seconds

Juniper: 2015-05-21 13:32:07 - SSL-DCA-IA2 - [172.17.19.28] steveno..........................................................2_NGAHR_DCI_MON_SYS, 2_ADMIN_H] - Network Connect: Session started for user with IP 172.24.2.126, hostname .................

I have two sample events here from MAG series product, does Juniper have regulations or conventions to distinguish source vs destination IPs in the events, such as Ip in [] always the source? Help is appreciated.
1 REPLY 1
Highlighted
Moderator

Re: How to distinguish source IP vs destination IP in secure access events?

By default, the IP in [] is the source IP of the client that the appliance sees. This may be unique for all users or it could be the same (depending on the NAT & FW rules)