Prestige 2602HW Series User’s Guide

Table 180 TCP Reset Logs

LOG MESSAGE

DESCRIPTION

 

 

Under SYN flood attack,

The router sent a TCP reset packet when a host was under a SYN

sent TCP RST

flood attack (the TCP incomplete count is per destination host.)

Exceed TCP MAX

The router sent a TCP reset packet when the number of TCP

incomplete, sent TCP RST

incomplete connections exceeded the user configured threshold.

 

(the TCP incomplete count is per destination host.) Note: Refer to

 

TCP Maximum Incomplete in the Firewall Attack Alerts screen.

Peer TCP state out of

The router sent a TCP reset packet when a TCP connection state

order, sent TCP RST

was out of order.Note: The firewall refers to RFC793 Figure 6 to

 

check the TCP state.

Firewall session time

The router sent a TCP reset packet when a dynamic firewall

out, sent TCP RST

session timed out.Default timeout values:ICMP idle timeout (s):

 

60UDP idle timeout (s): 60TCP connection (three way

 

handshaking) timeout (s): 30TCP FIN-wait timeout (s): 60TCP idle

 

(established) timeout (s): 3600

Exceed MAX incomplete,

The router sent a TCP reset packet when the number of

sent TCP RST

incomplete connections (TCP and UDP) exceeded the user-

 

configured threshold. (Incomplete count is for all TCP and UDP

 

connections through the firewall.)Note: When the number of

 

incomplete connections (TCP + UDP) > “Maximum Incomplete

 

High”, the router sends TCP RST packets for TCP connections

 

and destroys TOS (firewall dynamic sessions) until incomplete

 

connections < “Maximum Incomplete Low”.

Access block, sent TCP

The router sends a TCP RST packet and generates this log if you

RST

turn on the firewall TCP reset mechanism (via CI command: "sys

 

firewall tcprst").

Table 181 Packet Filter Logs

LOG MESSAGE

DESCRIPTION

 

 

[ TCP UDP ICMP IGMP

Attempted access matched a configured filter rule (denoted by

Generic

] packet filter

its set and rule number) and was blocked or forwarded

matched

(set: %d, rule: %d)

according to the rule.

For type and code details, see Table 190 on page 501.

Table 182 ICMP Logs

LOG MESSAGE

DESCRIPTION

 

 

Firewall default policy: ICMP

ICMP access matched the default policy and was blocked

<Packet Direction>, <type:%d>,

or forwarded according to the user's setting.

<code:%d>

 

Firewall rule [NOT] match: ICMP

ICMP access matched (or didn’t match) a firewall rule

<Packet Direction>, <rule:%d>,

(denoted by its number) and was blocked or forwarded

<type:%d>, <code:%d>

according to the rule.

497