| Chapter 20 Logs |
Table 103 Access Control Logs (continued)

| LOG MESSAGE | DESCRIPTION |
|---|---|
| Triangle route packet forwarded: [TCP UDP IGMP ESP GRE OSPF] | The firewall allowed a triangle route session to pass through. |
| Packet without a NAT table entry blocked: [TCP UDP IGMP ESP GRE OSPF] | The router blocked a packet that didn't have a corresponding NAT table entry. |
| Router sent blocked web site message: TCP | The router sent a message to notify a user that the router blocked access to a web site that the user requested. |
Table 104 TCP Reset Logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| Under SYN flood attack, sent TCP RST | The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host). |
| Exceed TCP MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user-configured threshold (the TCP incomplete count is per destination host). Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen. |
| Peer TCP state out of order, sent TCP RST | The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall refers to RFC793 Figure 6 to check the TCP state. |
| Firewall session time out, sent TCP RST | The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout: 3 minutes; UDP idle timeout: 3 minutes; TCP connection (three way handshaking) timeout: 270 seconds; TCP [...] the TCP header); TCP idle (established) timeout: 150 minutes; TCP reset timeout: 10 seconds. |
| Exceed MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (Incomplete count is for all TCP and UDP connections through the firewall.) Note: When the number of incomplete connections (TCP + UDP) > "Maximum Incomplete High", the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until incomplete connections < "Maximum Incomplete Low". |
| Access block, sent TCP RST | The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). |
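The "Exceed TCP MAX incomplete" and "Exceed MAX incomplete" entries describe two thresholds that work together: a per-destination-host limit on TCP half-open connections, and a global TCP + UDP watermark with hysteresis (resets begin above "Maximum Incomplete High" and continue until the count drops below "Maximum Incomplete Low"). The simulation below is an added example, not ZyXEL firmware code; the threshold values, addresses and event sequence are constructed, and tearing down the oldest incomplete sessions first is an assumption (the table only says sessions are destroyed until the count is below the low threshold).

```python
from collections import OrderedDict


class IncompleteTracker:
    """Models the incomplete-connection thresholds described in Table 104.

    tcp_max_incomplete   per destination host, TCP only  ("Exceed TCP MAX incomplete")
    max_incomplete_high  global TCP + UDP watermark that starts the purge
    max_incomplete_low   global watermark at which the purge stops
    """

    def __init__(self, tcp_max_incomplete, max_incomplete_high, max_incomplete_low):
        if max_incomplete_low >= max_incomplete_high:
            raise ValueError("Maximum Incomplete Low must be below Maximum Incomplete High")
        self.tcp_max_incomplete = tcp_max_incomplete
        self.high = max_incomplete_high
        self.low = max_incomplete_low
        self.sessions = OrderedDict()   # session id -> (proto, dst), oldest first
        self.logs = []                  # log lines the router would emit
        self._next_id = 0

    def _tcp_incomplete_for(self, dst):
        # The TCP incomplete count is kept per destination host.
        return sum(1 for p, d in self.sessions.values() if p == "TCP" and d == dst)

    def new_incomplete(self, proto, dst):
        """A new TCP half-open (SYN seen, handshake unfinished) or UDP session without a reply.

        Returns the session id when admitted, or None when the per-host TCP limit
        caused a TCP RST instead.
        """
        if proto == "TCP" and self._tcp_incomplete_for(dst) >= self.tcp_max_incomplete:
            self.logs.append(f"Exceed TCP MAX incomplete, sent TCP RST (dst {dst})")
            return None
        sid = self._next_id
        self._next_id += 1
        self.sessions[sid] = (proto, dst)
        if len(self.sessions) > self.high:
            self._purge_to_low()
        return sid

    def complete(self, sid):
        """Handshake finished or reply seen: the session is no longer incomplete."""
        self.sessions.pop(sid, None)

    def _purge_to_low(self):
        # Above "Maximum Incomplete High": reset TCP sessions and destroy dynamic
        # sessions until the global count is below "Maximum Incomplete Low".
        # Oldest-first order is an assumption made for this example.
        while len(self.sessions) >= self.low:
            _, (proto, dst) = self.sessions.popitem(last=False)
            if proto == "TCP":
                self.logs.append(f"Exceed MAX incomplete, sent TCP RST (dst {dst})")
            else:
                self.logs.append(f"Exceed MAX incomplete, destroyed UDP session (dst {dst})")


def run_example():
    """Constructed event stream: thresholds 3 (per host TCP), 6 (high), 4 (low)."""
    t = IncompleteTracker(tcp_max_incomplete=3, max_incomplete_high=6, max_incomplete_low=4)
    for _ in range(4):
        t.new_incomplete("TCP", "192.0.2.10")   # 4th one trips the per-host TCP limit
    for _ in range(3):
        t.new_incomplete("UDP", "192.0.2.20")   # total reaches 6 = High, no purge yet
    t.new_incomplete("TCP", "192.0.2.30")       # 7 > High: purge oldest until < Low
    return t


if __name__ == "__main__":
    tracker = run_example()
    for line in tracker.logs:
        print(line)
    print("incomplete sessions remaining:", len(tracker.sessions))
```

Running it shows why the two thresholds produce different log lines: the fourth SYN to 192.0.2.10 is reset on its own because that host already has three half-open connections, while the seventh session of any protocol pushes the global count over the high watermark and tears down four older sessions (three TCP resets, one UDP session destroyed), leaving three rather than six, which is the hysteresis the table describes.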
Table 105 Packet Filter Logs

| LOG MESSAGE | DESCRIPTION |
|---|---|
| [TCP UDP ICMP IGMP Generic] packet filter matched (set:%d, rule:%d) | Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule. |