Chapter 18 The Logs Screens
Table 82 TCP Reset Logs

LOG MESSAGE: Under SYN flood attack, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a host was under a SYN flood attack. (The TCP incomplete count is per destination host.)

LOG MESSAGE: Exceed TCP MAX incomplete, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user-configured threshold. (The TCP incomplete count is per destination host.)

LOG MESSAGE: Peer TCP state out of order, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall checks the TCP state against the state diagram in RFC 793, Figure 6.

LOG MESSAGE: Firewall session time out, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows:
  ICMP idle timeout: 3 minutes
  UDP idle timeout: 3 minutes
  TCP connection (three-way handshake) timeout: 270 seconds
  TCP FIN-wait timeout: 2 MSL (twice the Maximum Segment Lifetime; MSL is a protocol constant, not a TCP header field, and RFC 793 specifies it as 2 minutes)
  TCP idle (established) timeout: 150 minutes
  TCP reset timeout: 10 seconds

LOG MESSAGE: Exceed MAX incomplete, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (This incomplete count covers all TCP and UDP connections through the firewall.) Note: When the number of incomplete connections (TCP + UDP) exceeds "Maximum Incomplete High", the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until the number of incomplete connections falls below "Maximum Incomplete Low".

LOG MESSAGE: Access block, sent TCP RST
DESCRIPTION: The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via the CI command: sys firewall tcprst).
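The two "Exceed ... incomplete" rows count different things (TCP only, per destination host, versus TCP + UDP across the whole firewall), and the last note describes a high/low watermark with hysteresis. The following Python models both so the difference is concrete. It is an added example, not ZyXEL code: the threshold values, the session tuples and the snapshots are constructed for illustration, and the detail strings returned beside each message are ours, not part of the router's log format.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Tuple

Session = Tuple[str, str, str]  # (protocol, source host, destination host)


@dataclass
class IncompleteTracker:
    """Counts half-open (incomplete) sessions the way Table 82 describes them:
    per destination host for TCP only, and globally for TCP + UDP together.
    All threshold values are assumed; the manual states no defaults."""
    tcp_max_per_host: int   # per-host "TCP MAX incomplete" threshold (assumed)
    max_high: int           # "Maximum Incomplete High" (assumed)
    max_low: int            # "Maximum Incomplete Low" (assumed)
    shedding: bool = False  # True while RSTs are sent and dynamic sessions destroyed

    def evaluate(self, half_open: Iterable[Session]) -> List[Tuple[str, str]]:
        """Evaluate one snapshot of half-open sessions.

        Returns (log message, detail) pairs: the message text is the one the
        table lists, the detail is added here for readability only."""
        sessions = list(half_open)
        msgs: List[Tuple[str, str]] = []

        # "Exceed TCP MAX incomplete": TCP only, counted per destination host.
        per_host = Counter(dst for proto, _, dst in sessions if proto == "TCP")
        for dst, n in sorted(per_host.items()):
            if n > self.tcp_max_per_host:
                msgs.append(("Exceed TCP MAX incomplete, sent TCP RST",
                             f"dst={dst} half_open={n}"))

        # "Exceed MAX incomplete": TCP + UDP, whole firewall, with hysteresis.
        # Shedding starts once the count exceeds High and only stops once it has
        # dropped below Low, so a count between the two keeps shedding going.
        total = sum(1 for proto, _, _ in sessions if proto in ("TCP", "UDP"))
        if not self.shedding and total > self.max_high:
            self.shedding = True
        elif self.shedding and total < self.max_low:
            self.shedding = False
        if self.shedding:
            msgs.append(("Exceed MAX incomplete, sent TCP RST",
                         f"total={total} high={self.max_high} low={self.max_low}"))
        return msgs


def demo() -> List[List[str]]:
    """Run four constructed snapshots through one tracker and return the
    message texts raised for each (constructed data, not captured logs)."""
    tracker = IncompleteTracker(tcp_max_per_host=3, max_high=6, max_low=4)

    def tcp(n: int, dst: str) -> List[Session]:
        # n half-open TCP sessions from distinct sources to one destination
        return [("TCP", f"198.51.100.{i}", dst) for i in range(1, n + 1)]

    udp: List[Session] = [("UDP", "198.51.100.50", "192.0.2.9")]
    snapshots = [
        tcp(4, "192.0.2.5") + udp,                        # one host over its TCP limit; total 5
        tcp(4, "192.0.2.5") + tcp(2, "192.0.2.6") + udp,  # total 7 > High: shedding starts
        tcp(2, "192.0.2.5") + tcp(2, "192.0.2.6") + udp,  # total 5: between Low and High, still shedding
        tcp(1, "192.0.2.5") + udp,                        # total 2 < Low: shedding stops
    ]
    return [[m for m, _ in tracker.evaluate(s)] for s in snapshots]


if __name__ == "__main__":
    for i, msgs in enumerate(demo(), 1):
        print(f"snapshot {i}: {msgs or ['(no TCP RST)']}")
```

The third snapshot is the point of the hysteresis: its total of 5 would not trip the High threshold on its own, yet the router keeps sending resets because the count has not yet fallen below Low. When tuning these thresholds, set Low far enough below High that a legitimate burst does not keep the firewall shedding for longer than intended.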
Table 83 Packet Filter Logs

LOG MESSAGE: [ TCP | UDP | ICMP | IGMP | Generic ] packet filter matched (set: %d, rule: %d)
DESCRIPTION: Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule.
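A parser for the messages in Tables 82 and 83, as an added example that is not part of the manual and not ZyXEL code: it classifies each message, extracts the set and rule numbers from packet filter matches, and tallies TCP resets by reason and filter hits by rule. The sample messages are constructed, the reason tags are ours, and the code assumes any syslog timestamp and hostname prefix has already been stripped so that only the message text remains.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Table 83 format: "<proto> packet filter matched (set: %d, rule: %d)".
FILTER_RE = re.compile(
    r"^(?P<proto>TCP|UDP|ICMP|IGMP|Generic) packet filter matched "
    r"\(set:\s*(?P<set>\d+),\s*rule:\s*(?P<rule>\d+)\)$"
)

# The fixed message texts of Table 82, mapped to a short reason tag (tags are ours).
TCP_RST_REASONS = {
    "Under SYN flood attack, sent TCP RST": "syn_flood",
    "Exceed TCP MAX incomplete, sent TCP RST": "tcp_incomplete_per_host",
    "Peer TCP state out of order, sent TCP RST": "state_out_of_order",
    "Firewall session time out, sent TCP RST": "session_timeout",
    "Exceed MAX incomplete, sent TCP RST": "incomplete_global",
    "Access block, sent TCP RST": "access_block",
}


def parse_message(msg: str) -> Optional[Dict[str, object]]:
    """Classify one log message from Table 82 or Table 83; None if it is neither."""
    msg = " ".join(msg.split())  # collapse line wraps and stray whitespace from exports
    if msg in TCP_RST_REASONS:
        return {"kind": "tcp_rst", "reason": TCP_RST_REASONS[msg]}
    m = FILTER_RE.match(msg)
    if m:
        return {"kind": "filter", "proto": m["proto"],
                "set": int(m["set"]), "rule": int(m["rule"])}
    return None


def summarize(messages: List[str]) -> Dict[str, object]:
    """Tally TCP resets by reason and filter hits by (set, rule); count unparsed lines."""
    rst: Counter = Counter()
    hits: Counter = Counter()
    unparsed = 0
    for line in messages:
        rec = parse_message(line)
        if rec is None:
            unparsed += 1
        elif rec["kind"] == "tcp_rst":
            rst[rec["reason"]] += 1
        else:
            hits[(rec["set"], rec["rule"])] += 1
    return {"tcp_rst": rst, "filter_hits": hits, "unparsed": unparsed}


# Constructed sample messages in the formats the two tables document (not captured logs).
SAMPLE_MESSAGES = [
    "Under SYN flood attack, sent TCP RST",
    "TCP packet filter matched (set: 1, rule: 3)",
    "UDP packet filter matched (set: 1, rule: 3)",
    "Exceed MAX incomplete, sent TCP RST",
    "Generic packet filter matched (set: 2, rule: 1)",
    "Under SYN flood attack,  sent TCP RST",   # extra space, as a wrapped export might carry
    "some unrelated message",
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_MESSAGES)
    print("TCP resets by reason:", dict(summary["tcp_rst"]))
    print("filter hits by (set, rule):", dict(summary["filter_hits"]))
    print("unparsed:", summary["unparsed"])
```

Grouping filter hits by (set, rule) is what makes the "Access block" and packet filter rows actionable in practice: a rule that fires constantly from many sources is a candidate for a block at the upstream device, while a rule that never fires is a candidate for removal.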