Chapter 25 Logs Screens

Table 143 TCP Reset Logs

| LOG MESSAGE | DESCRIPTION |
| Under SYN flood attack, sent TCP RST | The router sent a TCP reset packet when a host was under a SYN flood attack. (The TCP incomplete count is per destination host.) |
| Exceed TCP MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (The TCP incomplete count is per destination host.) Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen. |
| Peer TCP state out of order, sent TCP RST | The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall refers to RFC 793 Figure 6 to check the TCP state. |
| Firewall session time out, sent TCP RST | The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: |
| | ICMP idle timeout: 3 minutes |
| | UDP idle timeout: 3 minutes |
| | TCP connection (three way handshaking) timeout: 270 seconds |
| | TCP |
| | the TCP header). |
| | TCP idle (established) timeout (s): 150 minutes |
| | TCP reset timeout: 10 seconds |
| Exceed MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (Incomplete count is for all TCP and UDP connections through the firewall.) Note: When the number of incomplete connections (TCP + UDP) > “Maximum Incomplete High”, the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. |
| Access block, sent TCP RST | The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). |

Table 144 Packet Filter Logs

| LOG MESSAGE | DESCRIPTION |
| [ TCP UDP ICMP IGMP Generic ] packet filter matched (set: %d, rule: %d) | Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule. |

For type and code details, see Table 157 on page 443.

Table 145 ICMP Logs

| LOG MESSAGE | DESCRIPTION |
| Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d> | ICMP access matched the default policy and was blocked or forwarded according to the user's setting. |
| Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d> | ICMP access matched (or didn’t match) a firewall rule (denoted by its number) and was blocked or forwarded according to the rule. |
| Triangle route packet forwarded: ICMP | The firewall allowed a triangle route session to pass through. |
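
A triage sketch for the messages in Tables 143 to 145, as an added example that is not part of this guide or the vendor's code: it finds the documented message texts inside a log line and extracts the filter set/rule and the ICMP type/code. The timestamp prefix, the direction text and the optional angle brackets are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Message texts are copied from Table 143. The group is an added triage label:
# "half_open" = driven by incomplete-connection counts, "other_rst" = the rest.
TCP_RST = {
    "Under SYN flood attack, sent TCP RST": ("syn_flood", "half_open"),
    "Exceed TCP MAX incomplete, sent TCP RST": ("tcp_max_incomplete_per_host", "half_open"),
    "Exceed MAX incomplete, sent TCP RST": ("max_incomplete_all_sessions", "half_open"),
    "Peer TCP state out of order, sent TCP RST": ("state_out_of_order", "other_rst"),
    "Firewall session time out, sent TCP RST": ("session_timeout", "other_rst"),
    "Access block, sent TCP RST": ("access_block", "other_rst"),
}
# Tables 144 and 145. Assumption: angle brackets around ICMP fields are optional.
FILTER = re.compile(r"(TCP|UDP|ICMP|IGMP|Generic) packet filter matched \(set: (\d+), rule: (\d+)\)")
ICMP = re.compile(r"Firewall (default policy|rule (?:NOT )?match): ICMP <?([^,<>]+)>?, "
                  r"(?:<?rule:(\d+)>?, )?<?type:(\d+)>?, <?code:(\d+)>?")

def parse(line):
    """Return a dict describing one log message, or None if unrecognised."""
    for text, (kind, group) in TCP_RST.items():
        if text in line:
            return {"kind": kind, "group": group}
    m = FILTER.search(line)
    if m:
        return {"kind": "packet_filter", "group": "filter", "proto": m.group(1),
                "set": int(m.group(2)), "rule": int(m.group(3))}
    m = ICMP.search(line)
    if m:
        return {"kind": "icmp_" + m.group(1).replace(" ", "_").lower(), "group": "icmp",
                "direction": m.group(2).strip(), "rule": int(m.group(3)) if m.group(3) else None,
                "type": int(m.group(4)), "code": int(m.group(5))}
    if "Triangle route packet forwarded: ICMP" in line:
        return {"kind": "icmp_triangle_route", "group": "icmp"}
    return None

def summarise(lines):
    """Count recognised messages by triage group; unknown lines are skipped."""
    return Counter(p["group"] for p in map(parse, lines) if p)

# Constructed sample lines: timestamps and the direction text are placeholders.
SAMPLE = [
    "2024-01-01 00:00:01 Under SYN flood attack, sent TCP RST",
    "2024-01-01 00:00:02 Exceed MAX incomplete, sent TCP RST",
    "2024-01-01 00:00:03 Firewall session time out, sent TCP RST",
    "2024-01-01 00:00:04 TCP packet filter matched (set: 2, rule: 5)",
    "2024-01-01 00:00:05 Firewall rule NOT match: ICMP <LAN to WAN>, <rule:3>, <type:8>, <code:0>",
    "2024-01-01 00:00:06 Firewall default policy: ICMP LAN to WAN, type:8, code:0",
]
```

Keeping the per-host message ("Exceed TCP MAX incomplete") apart from the all-sessions one ("Exceed MAX incomplete") matters when tuning thresholds, since the two counts are scoped differently in Table 143.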
ZyWALL 2 Plus User’s Guide