Prestige 2602HW Series User’s Guide
Table 180 TCP Reset Logs
LOG MESSAGE | DESCRIPTION |
|
|
Under SYN flood attack, | The router sent a TCP reset packet when a host was under a SYN |
sent TCP RST | flood attack (the TCP incomplete count is per destination host.) |
Exceed TCP MAX | The router sent a TCP reset packet when the number of TCP |
incomplete, sent TCP RST | incomplete connections exceeded the user configured threshold. |
| (the TCP incomplete count is per destination host.) Note: Refer to |
| TCP Maximum Incomplete in the Firewall Attack Alerts screen. |
Peer TCP state out of | The router sent a TCP reset packet when a TCP connection state |
order, sent TCP RST | was out of order.Note: The firewall refers to RFC793 Figure 6 to |
| check the TCP state. |
Firewall session time | The router sent a TCP reset packet when a dynamic firewall |
out, sent TCP RST | session timed out.Default timeout values:ICMP idle timeout (s): |
| 60UDP idle timeout (s): 60TCP connection (three way |
| handshaking) timeout (s): 30TCP |
| (established) timeout (s): 3600 |
Exceed MAX incomplete, | The router sent a TCP reset packet when the number of |
sent TCP RST | incomplete connections (TCP and UDP) exceeded the user- |
| configured threshold. (Incomplete count is for all TCP and UDP |
| connections through the firewall.)Note: When the number of |
| incomplete connections (TCP + UDP) > “Maximum Incomplete |
| High”, the router sends TCP RST packets for TCP connections |
| and destroys TOS (firewall dynamic sessions) until incomplete |
| connections < “Maximum Incomplete Low”. |
Access block, sent TCP | The router sends a TCP RST packet and generates this log if you |
RST | turn on the firewall TCP reset mechanism (via CI command: "sys |
| firewall tcprst"). |
Table 181 Packet Filter Logs
LOG MESSAGE | DESCRIPTION | |
|
| |
[ TCP UDP ICMP IGMP | Attempted access matched a configured filter rule (denoted by | |
Generic | ] packet filter | its set and rule number) and was blocked or forwarded |
matched | (set: %d, rule: %d) | according to the rule. |
For type and code details, see Table 190 on page 501.
Table 182 ICMP LogsLOG MESSAGE | DESCRIPTION |
|
|
Firewall default policy: ICMP | ICMP access matched the default policy and was blocked |
<Packet Direction>, <type:%d>, | or forwarded according to the user's setting. |
<code:%d> |
|
Firewall rule [NOT] match: ICMP | ICMP access matched (or didn’t match) a firewall rule |
<Packet Direction>, <rule:%d>, | (denoted by its number) and was blocked or forwarded |
<type:%d>, <code:%d> | according to the rule. |
497