Chapter 20 Logs

Table 105 Access Control Logs

LOG MESSAGE | DESCRIPTION
Firewall default policy: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] <Packet Direction> | Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy's setting.
Firewall rule [NOT] match: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] <Packet Direction>, <rule:%d> | Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched (or did not match) a configured firewall rule (denoted by its number) and was blocked or forwarded according to the rule.
Triangle route packet forwarded: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] | The firewall allowed a triangle route session to pass through.
Packet without a NAT table entry blocked: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] | The router blocked a packet that did not have a corresponding NAT table entry.
Router sent blocked web site message: TCP | The router sent a message to notify a user that the router blocked access to a web site that the user requested.
Table 106 TCP Reset Logs

LOG MESSAGE | DESCRIPTION
Under SYN flood attack, sent TCP RST | The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host).
Exceed TCP MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user-configured threshold (the TCP incomplete count is per destination host). Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen.
Peer TCP state out of order, sent TCP RST | The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall refers to RFC 793 Figure 6 to check the TCP state.
Firewall session time out, sent TCP RST | The router sent a TCP reset packet when a dynamic firewall session timed out. Default timeout values: ICMP idle timeout (s): 60; UDP idle timeout (s): 60; TCP connection (three-way handshaking) timeout (s): 30; TCP (established) timeout (s): 3600.
Exceed MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (The incomplete count is for all TCP and UDP connections through the firewall.) Note: When the number of incomplete connections (TCP + UDP) > "Maximum Incomplete High", the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until incomplete connections < "Maximum Incomplete Low".
Access block, sent TCP RST | The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst").
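As an added example (not part of the user guide), a small Python normaliser for the messages in Tables 105 and 106: it maps each message to a structured event, records which messages mean the firewall sent a TCP RST, and flags the resets driven by the incomplete-connection counters (the SYN flood and Maximum Incomplete thresholds), which are the ones worth alerting on. The event kind names, and the assumption that `<Packet Direction>` renders as free text and `<rule:%d>` as `<rule:N>` in real logs, are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional
# Protocol alternatives from the "[ TCP | UDP | IGMP | ESP | GRE | OSPF ]" templates.
PROTO = r"(?P<proto>TCP|UDP|IGMP|ESP|GRE|OSPF)"
# Table 105 templates. Treating "<Packet Direction>" as free text and the rule id as "<rule:N>" is an assumption.
TABLE_105 = [
    ("default_policy", rf"^Firewall default policy: {PROTO}\s*(?P<dir>.*)$"),
    ("rule_match", rf"^Firewall rule (?P<neg>NOT )?match:\s*{PROTO}\s*(?P<dir>.*?),\s*<rule:(?P<rule>\d+)>$"),
    ("triangle_route", rf"^Triangle route packet forwarded: {PROTO}$"),
    ("no_nat_entry", rf"^Packet without a NAT table entry blocked: {PROTO}$"),
    ("blocked_site_notice", r"^Router sent blocked web site message: (?P<proto>TCP)$"),
]
# Table 106 messages are fixed strings; each one records a TCP RST sent by the firewall.
TABLE_106 = {
    "Under SYN flood attack, sent TCP RST": "syn_flood",
    "Exceed TCP MAX incomplete, sent TCP RST": "tcp_max_incomplete",
    "Peer TCP state out of order, sent TCP RST": "tcp_state_out_of_order",
    "Firewall session time out, sent TCP RST": "session_timeout",
    "Exceed MAX incomplete, sent TCP RST": "max_incomplete",
    "Access block, sent TCP RST": "access_block",
}
# Resets driven by the incomplete-connection counters (SYN flood, TCP MAX incomplete, MAX incomplete).
INCOMPLETE_COUNTER_KINDS = {"syn_flood", "tcp_max_incomplete", "max_incomplete"}

@dataclass
class Event:
    kind: str
    proto: Optional[str] = None
    direction: Optional[str] = None
    rule: Optional[int] = None
    matched: Optional[bool] = None      # rule_match only; False for "NOT match"
    tcp_rst: bool = False               # True for every Table 106 message
    incomplete_counter: bool = False    # True when a counter threshold triggered the reset

def parse(line: str) -> Optional[Event]:
    """Map one log message to an Event, or None if it is not a documented message."""
    line = line.strip()
    if line in TABLE_106:
        kind = TABLE_106[line]
        return Event(kind, proto="TCP", tcp_rst=True, incomplete_counter=kind in INCOMPLETE_COUNTER_KINDS)
    for kind, pattern in TABLE_105:
        m = re.match(pattern, line)
        if m:
            g = m.groupdict()
            return Event(kind, proto=g["proto"], direction=g.get("dir") or None,
                         rule=int(g["rule"]) if g.get("rule") else None,
                         matched=(g["neg"] is None) if kind == "rule_match" else None)
    return None
```

Lines that match none of the documented templates (for example a protocol outside the listed set) return None, so unknown messages can be counted separately instead of being silently misfiled.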