|
|
|
|
| Chapter 27 Logs |
| Table 156 System Error Logs |
|
|
| |
| LOG MESSAGE |
| DESCRIPTION | ||
| %s exceeds the max. |
| This attempt to create a NAT session exceeds the maximum | ||
| number of session per |
| number of NAT session table entries allowed to be created per | ||
| host! |
| host. |
| |
| setNetBIOSFilter: calloc |
| The router failed to allocate memory for the NetBIOS filter | ||
| error |
| settings. |
| |
| readNetBIOSFilter: calloc |
| The router failed to allocate memory for the NetBIOS filter | ||
| error |
| settings. |
| |
| WAN connection is down. |
| A WAN connection is down. You cannot access the network | ||
|
|
| through this interface. | ||
| Table 157 Access Control Logs |
|
|
| |
| LOG MESSAGE |
|
| DESCRIPTION | |
| Firewall default policy: [ TCP |
| Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access | ||
| UDP IGMP ESP GRE OSPF ] |
| matched the default policy and was blocked or forwarded | ||
| <Packet Direction> |
|
| according to the default policy’s setting. | |
| Firewall rule [NOT] match:[ TCP |
| Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access | ||
| UDP IGMP ESP GRE OSPF |
| matched (or did not match) a configured firewall rule | ||
| ] <Packet Direction>, <rule:%d> |
| (denoted by its number) and was blocked or forwarded | ||
|
|
|
|
| according to the rule. |
| Triangle route packet forwarded: |
| The firewall allowed a triangle route session to pass | ||
| [ TCP UDP IGMP ESP GRE |
| through. | ||
| OSPF ] |
|
|
| |
| Packet without a NAT table entry |
| The router blocked a packet that didn't have a | ||
| blocked: [ TCP UDP IGMP |
| corresponding NAT table entry. | ||
| ESP GRE OSPF ] |
|
|
| |
| Router sent blocked web site |
| The router sent a message to notify a user that the router | ||
| message: TCP |
|
| blocked access to a web site that the user requested. | |
| Table 158 TCP Reset Logs |
|
|
| |
| LOG MESSAGE |
| DESCRIPTION | ||
| Under SYN flood attack, |
| The router sent a TCP reset packet when a host was under a SYN | ||
| sent TCP RST |
| flood attack (the TCP incomplete count is per destination host.) | ||
| Exceed TCP MAX |
| The router sent a TCP reset packet when the number of TCP | ||
| incomplete, sent TCP RST |
| incomplete connections exceeded the user configured threshold. | ||
|
|
| (the TCP incomplete count is per destination host.) Note: Refer to | ||
|
|
| TCP Maximum Incomplete in the Firewall Attack Alerts screen. | ||
|
|
|
| ||
| Peer TCP state out of |
| The router sent a TCP reset packet when a TCP connection state | ||
| order, sent TCP RST |
| was out of order.Note: The firewall refers to RFC793 Figure 6 to | ||
|
|
| check the TCP state. | ||
| Firewall session time |
| The router sent a TCP reset packet when a dynamic firewall | ||
| out, sent TCP RST |
| session timed out.Default timeout values:ICMP idle timeout (s): | ||
|
|
| 60UDP idle timeout (s): 60TCP connection (three way | ||
|
|
| handshaking) timeout (s): 30TCP | ||
|
|
| (established) timeout (s): 3600 | ||
|
|
|
|
|
|
| 393 |
|
|