Managed Streams
The Blocked Log Entries table displays up to 50 entries. Entries are added when the block event occurs. Entries are automatically removed when the connection times out based on the Connection Table timeout setting configured from the IPS > IPS Preferences page. The default timeout settings is 1800 seconds (30 minutes). You can manually remove an entry by terminating the connection using the Flush functions.
For each blocked traffic stream, the Blocked Streams page provides the following information:
Table
Field | Description |
|
|
|
|
Protocol | Protocol used by the blocked connection |
|
|
Src/Dest Address | Source or destination IP address of the connection. |
|
|
Port | Port of the connection |
|
|
Src/Dest Address | Source or destination IP address of the connection |
|
|
Port | Port of the connection |
|
|
Security Zones | The security zones where traffic was blocked or |
|
|
Reason | The filter link that details why the traffic connection stream was |
| blocked. Click the link to display and manage the filter. |
|
|
Search Blocked Streams |
|
STEP 1
STEP 2
STEP 3
From the LSM menu, select Events > Managed Streams > Blocked Streams.
Enter search criteria for any of the following:
•Protocol — The protocol for the connection: All, TCP, UDP, ICMP
•Source or Destination Address — The traffic source or destination IP address
•Source or Destination Port — The traffic source or destination IP port
Entering “0” or “0.0.0.0” in the fields you do not want to specify allows you to search on any of the 4 fields (combination or single). This value acts as the value “any”.
Click Search.
To reset the search, click Reset.
Flush Blocked Streams
You can manually drop the connection for all or selected streams using the Flush functions available on the Blocked Streams page. A connection is automatically dropped when the connection table timeout period expires.
STEP 1
STEP 2
From the LSM menu, select Events > Managed Streams > Blocked Streams.
To drop all the connections, scroll to the bottom of the Blocked Streams page. Then, click Flush All.
To drop selected connections, use the check box next to an entry to select it. Then, scroll to the bottom of the page and click Flush.
X Family LSM User’s Guide V 2.5.1 | 111 |
|
|