ZyXEL Communications P-660HW-TX V3 309

		Chapter 21 Logs
Table 95 TCP Reset Logs (continued)
LOG MESSAGE	DESCRIPTION
Exceed MAX incomplete,	The router sent a TCP reset packet when the number of
sent TCP RST	incomplete connections (TCP and UDP) exceeded the
	user-configured threshold. (Incomplete count is for all
	TCP and UDP connections through the firewall.)Note:
	When the number of incomplete connections (TCP + UDP)
	> “Maximum Incomplete High”, the router sends TCP RST
	packets for TCP connections and destroys TOS (firewall
	dynamic sessions) until incomplete connections <
	“Maximum Incomplete Low”.

Access block, sent TCP	The router sends a TCP RST packet and generates this log
RST	if you turn on the firewall TCP reset mechanism (via CI
	command: "sys firewall tcprst").

Table 96 Packet Filter Logs
LOG MESSAGE		DESCRIPTION
[ TCP UDP ICMP IGMP		Attempted access matched a configured filter rule
Generic ] packet filter		(denoted by its set and rule number) and was blocked
matched (set: %d, rule: %d)		or forwarded according to the rule.

For type and code details, see Table 105 on page 312.

Table 97 ICMP Logs

LOG MESSAGE	DESCRIPTION
Firewall default policy: ICMP	ICMP access matched the default policy and was
<Packet Direction>, <type:%d>,	blocked or forwarded according to the user's
<code:%d>	setting.
Firewall rule [NOT] match: ICMP	ICMP access matched (or didn’t match) a firewall
<Packet Direction>, <rule:%d>,	rule (denoted by its number) and was blocked or
<type:%d>, <code:%d>	forwarded according to the rule.
Triangle route packet forwarded:	The firewall allowed a triangle route session to
ICMP	pass through.
Packet without a NAT table entry	The router blocked a packet that didn’t have a
blocked: ICMP	corresponding NAT table entry.
Unsupported/out-of-order ICMP:	The firewall does not support this kind of ICMP
ICMP	packets or the ICMP packets are out of order.
Router reply ICMP packet: ICMP	The router sent an ICMP reply packet to the
	sender.