Chapter 20 Logs
Table 77 TCP Reset Logs
LOG MESSAGE | DESCRIPTION |
Under SYN flood attack, sent TCP RST | The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host). |
Exceed TCP MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold (the TCP incomplete count is per destination host). Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen. |
Peer TCP state out of order, sent TCP RST | The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall refers to RFC793 Figure 6 to check the TCP state. |
Firewall session time out, sent TCP RST | The router sent a TCP reset packet when a dynamic firewall session timed out. Default timeout values: ICMP idle timeout (s): 60; UDP idle timeout (s): 60; TCP connection (three way handshaking) timeout (s): 30; TCP (s): 3600 |
Exceed MAX incomplete, sent TCP RST | The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the TCP and UDP connections through the firewall.) Note: When the number of incomplete connections (TCP + UDP) > “Maximum Incomplete High”, the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”. |
Access block, sent TCP RST | The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via CI command: "sys firewall tcprst"). |
Table 78 Packet Filter Logs
LOG MESSAGE | DESCRIPTION |
[ TCP UDP ICMP IGMP Generic ] packet filter matched (set: %d, rule: %d) | Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule. |
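The messages in Tables 77 and 78 can be sorted mechanically when reviewing an exported log. The following is an added example, not part of the original guide or the router's software: it matches the six TCP RST reasons and the packet filter format, and counts hits per triage label and per (set, rule) pair. The labels, the function names, the leading index on each sample line and the optional brackets around the protocol are assumptions of this example.

```python
import re
from collections import Counter

# Reason strings copied from Table 77; the triage labels are this example's own choice.
RST_REASONS = {
    "Under SYN flood attack": "flood",
    "Exceed TCP MAX incomplete": "flood",
    "Exceed MAX incomplete": "flood",
    "Peer TCP state out of order": "state-violation",
    "Firewall session time out": "timeout",
    "Access block": "policy-block",
}
RST_RE = re.compile(
    "(" + "|".join(re.escape(r) for r in RST_REASONS) + r"),\s*sent TCP RST")
# Table 78 format; brackets are optional here because the exact rendering is assumed.
FILTER_RE = re.compile(
    r"\[?\s*(TCP|UDP|ICMP|IGMP|Generic)\s*\]?\s*packet filter matched\s*"
    r"\(set:\s*(\d+),\s*rule:\s*(\d+)\)")

def parse_line(line):
    """Return a dict describing one log line, or None if it matches neither table."""
    m = RST_RE.search(line)
    if m:
        return {"kind": "tcp_rst", "reason": m.group(1), "label": RST_REASONS[m.group(1)]}
    m = FILTER_RE.search(line)
    if m:
        return {"kind": "filter", "proto": m.group(1),
                "set": int(m.group(2)), "rule": int(m.group(3))}
    return None

def summarize(lines):
    """Count RST triage labels and per-(set, rule) filter hits in a batch of lines."""
    labels, rules = Counter(), Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["kind"] == "tcp_rst":
            labels[rec["label"]] += 1
        else:
            rules[(rec["set"], rec["rule"])] += 1
    return labels, rules

# Constructed sample lines; the leading index is an assumption, not the router's format.
SAMPLE = [
    "1 Under SYN flood attack, sent TCP RST",
    "2 Exceed TCP MAX incomplete, sent TCP RST",
    "3 Firewall session time out, sent TCP RST",
    "4 [ TCP ] packet filter matched (set: 2, rule: 1)",
    "5 UDP packet filter matched (set: 2, rule: 1)",
    "6 unrelated message",
]
```

A rising "flood" count alongside few "timeout" entries points at the per-host or global incomplete-connection thresholds being hit, which is the case the Firewall Attack Alerts settings govern.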