Table 114 packet filter logs, Table 115 icmp logs – ZyXEL Communications P-2302HWL-P1 Series User Manual


P-2302HW/HWL-P1 Series User’s Guide


Chapter 21 Logs

Table 113 TCP Reset Logs (continued)

LOG MESSAGE / DESCRIPTION

For type and code details, see Table 121 on page 261.

Log message: Firewall session time out, sent TCP RST
Description: The router sent a TCP reset packet when a dynamic firewall session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds

Log message: Exceed MAX incomplete, sent TCP RST
Description: The router sent a TCP reset packet when the number of incomplete connections (TCP and UDP) exceeded the user-configured threshold. (Incomplete count is for all TCP and UDP connections through the firewall.)
Note: When the number of incomplete connections (TCP + UDP) > “Maximum Incomplete High”, the router sends TCP RST packets for TCP connections and destroys TOS (firewall dynamic sessions) until incomplete connections < “Maximum Incomplete Low”.

Log message: Access block, sent TCP RST
Description: The router sends a TCP RST packet and generates this log if you turn on the firewall TCP reset mechanism (via CI command: sys firewall tcprst).

Table 114 Packet Filter Logs

LOG MESSAGE / DESCRIPTION

Log message: [ TCP | UDP | ICMP | IGMP | Generic ] packet filter matched (set: %d, rule: %d)
Description: Attempted access matched a configured filter rule (denoted by its set and rule number) and was blocked or forwarded according to the rule.

Table 115 ICMP Logs

LOG MESSAGE / DESCRIPTION

Log message: Firewall default policy: ICMP <Packet Direction>, <type:%d>, <code:%d>
Description: ICMP access matched the default policy and was blocked or forwarded according to the user's setting.

Log message: Firewall rule [NOT] match: ICMP <Packet Direction>, <rule:%d>, <type:%d>, <code:%d>
Description: ICMP access matched (or didn’t match) a firewall rule (denoted by its number) and was blocked or forwarded according to the rule.

Log message: Triangle route packet forwarded: ICMP
Description: The firewall allowed a triangle route session to pass through.

Log message: Packet without a NAT table entry blocked: ICMP
Description: The router blocked a packet that didn’t have a corresponding NAT table entry.
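
The message templates in Tables 114 and 115 can be turned into a small parser for log review. This is an added example, not code from the ZyXEL manual. It assumes each message arrives as one line built from the template, with `<Packet Direction>` rendered as free text; the names `parse_line` and `default_policy_icmp` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Patterns follow the message templates in Tables 114 and 115. Assumption:
# "<type:%d>" may appear with or without the angle brackets on a real device.
def _num(name):
    return r"<?%s:\s*(?P<%s>\d+)>?" % (name, name)

PATTERNS = [
    ("packet_filter", re.compile(
        r"^(?P<proto>TCP|UDP|ICMP|IGMP|Generic) packet filter matched "
        r"\(set:\s*(?P<set>\d+),\s*rule:\s*(?P<rule>\d+)\)$")),
    ("icmp_default_policy", re.compile(
        r"^Firewall default policy: ICMP (?P<direction>[^,]+),\s*"
        + _num("type") + r",\s*" + _num("code") + "$")),
    ("icmp_rule", re.compile(
        r"^Firewall rule (?P<negated>NOT )?match: ICMP (?P<direction>[^,]+),\s*"
        + _num("rule") + r",\s*" + _num("type") + r",\s*" + _num("code") + "$")),
    ("icmp_triangle_route", re.compile(r"^Triangle route packet forwarded: ICMP$")),
    ("icmp_no_nat_entry", re.compile(r"^Packet without a NAT table entry blocked: ICMP$")),
]

def parse_line(message):
    """Return a dict for a Table 114/115 message, or None for anything else."""
    for kind, pattern in PATTERNS:
        m = pattern.match(message.strip())
        if m is None:
            continue
        rec = {k: int(v) if v and v.isdigit() else v for k, v in m.groupdict().items()}
        if "negated" in rec:  # "NOT match" means the rule did not match
            rec["matched"] = rec.pop("negated") is None
        return {"kind": kind, **rec}
    return None

def default_policy_icmp(lines):
    """Count ICMP (type, code) pairs that were handled by the default policy."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["kind"] == "icmp_default_policy":
            hits[(rec["type"], rec["code"])] += 1
    return hits

# Constructed sample lines (not captured from a device); "WAN to LAN" is an
# assumed rendering of <Packet Direction>.
SAMPLE = [
    "Firewall default policy: ICMP WAN to LAN, <type:8>, <code:0>",
    "Firewall rule NOT match: ICMP WAN to LAN, <rule:3>, <type:8>, <code:0>",
    "Firewall rule match: ICMP LAN to WAN, <rule:1>, <type:3>, <code:1>",
    "TCP packet filter matched (set: 2, rule: 4)",
    "Triangle route packet forwarded: ICMP",
    "Firewall default policy: ICMP WAN to LAN, type:8, code:0",
    "some unrelated line",
]
```

Lines that return `None` are not Table 114 or 115 messages and are worth routing to a separate review bucket rather than dropping.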
