|
|
| Chapter 23 Logs |
| Table 115 TCP Reset Logs (continued) | ||
| LOG MESSAGE | DESCRIPTION | |
| Exceed MAX incomplete, | The router sent a TCP reset packet when the number of | |
| sent TCP RST | incomplete connections (TCP and UDP) exceeded the user- | |
|
| configured threshold. (Incomplete count is for all TCP and UDP | |
|
| connections through the firewall.)Note: When the number of | |
|
| incomplete connections (TCP + UDP) > “Maximum Incomplete | |
|
| High”, the router sends TCP RST packets for TCP connections | |
|
| and destroys TOS (firewall dynamic sessions) until incomplete | |
|
| connections < “Maximum Incomplete Low”. | |
|
|
|
|
| Access block, sent TCP | The router sends a TCP RST packet and generates this log if you | |
| RST | turn on the firewall TCP reset mechanism (via CI command: sys | |
|
| firewall tcprst). | |
| Table 116 Packet Filter Logs |
|
|
| LOG MESSAGE |
| DESCRIPTION |
| [ TCP UDP ICMP IGMP | Attempted access matched a configured filter rule (denoted | |
| Generic ] packet filter |
| by its set and rule number) and was blocked or forwarded |
| matched (set: %d, rule: %d) | according to the rule. | |
For type and code details, see Table 123 on page 270.
Table 117 ICMP Logs
LOG MESSAGE | DESCRIPTION |
Firewall default policy: ICMP | ICMP access matched the default policy and was |
<Packet Direction>, <type:%d>, | blocked or forwarded according to the user's setting. |
<code:%d> |
|
Firewall rule [NOT] match: ICMP | ICMP access matched (or didn’t match) a firewall rule |
<Packet Direction>, <rule:%d>, | (denoted by its number) and was blocked or forwarded |
<type:%d>, <code:%d> | according to the rule. |
Triangle route packet forwarded: | The firewall allowed a triangle route session to pass |
ICMP | through. |
Packet without a NAT table entry | The router blocked a packet that didn’t have a |
blocked: ICMP | corresponding NAT table entry. |
The firewall does not support this kind of ICMP packets | |
ICMP | or the ICMP packets are out of order. |
Router reply ICMP packet: ICMP | The router sent an ICMP reply packet to the sender. |
Table 118 PPP Logs
LOG MESSAGE | DESCRIPTION |
ppp:LCP Starting | The PPP connection’s Link Control Protocol stage has started. |
ppp:LCP Opening | The PPP connection’s Link Control Protocol stage is opening. |
ppp:CHAP Opening | The PPP connection’s Challenge Handshake Authentication Protocol stage is |
| opening. |
ppp:IPCP | The PPP connection’s Internet Protocol Control Protocol stage is starting. |
Starting |
|
ppp:IPCP Opening | The PPP connection’s Internet Protocol Control Protocol stage is opening. |
| 267 |
|
|