ZyXEL Communications P-202 User Manual

P-202H Plus v2 Support Notes

The log supports up to 128 entries. There are 2 rows and 5 columns for each
entry. Please see the example shown below.

# Time Packet Information Reason Action

127|Mar 15 0 |From:192.168.1.34 To:202.132.155.93 |default permit |forward
| 03:03:54|ICMP type:00008 code:00000 |<1,00> |

Where <X,Y> stands for <Set number, Rule number>. X=1,2 ; Y=00~10. There
are two policy sets, set 1 for rules checking connections from LAN to WAN and
set 2 for rules checking connections from WAN to LAN. So, X=1 means set 1 and
X=2 means set 2.

Y means the rule in the set. Because we can configure up to 10 rules in a set, so
Y can be from 1 to 10. If the rule number shows 00, it means the Default Rule.

3. How do I view the firewall log?

The log keeps 128 entries, the new entries will overwrite the old entries when the
log has over 128 entries.

There are three ways to view the firewall log:

1. View the log from SMT Menu 21.3-View Firewall Log
2. View the log using CI command-sys firewall display
3. View the log from Web Configurator

4. When does the P-202H Plus v2 generate the firewall alert?

The P-202H Plus v2 generates the alert when an attack is detected by the
firewall and sends it via Email. So, to send the alert you must configure the mail
server and Email address using Web Configurator. You can also specify how
frequently you want to receive the alert via Web Configurator.

5. What does the alert show to us?

The alert shown in the Email is actually the evens of the attack. So, the Reason
column shows Attack and the attack type. Please see the example shown
below.

# Time Packet Information Reason Action

127|Mar 15 0 |From:192.168.1.1 To:192.168.1.1 |attack |block
| 03:04:54|ICMP type:00008 code:00000 |land |

All contents copyright © 2006 ZyXEL Communications Corporation.

25