ZyXEL Communications P-2304R-P1 Series User Manual


Chapter 19 Logs

P-2304R-P1 Series User’s Guide


Table 92 Access Control Logs

LOG MESSAGE: Firewall default policy: [ TCP | UDP | IGMP | ESP | GRE | OSPF ] <Packet Direction>
DESCRIPTION: Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy’s setting.

LOG MESSAGE: Firewall rule [NOT] match:[ TCP | UDP | IGMP | ESP | GRE | OSPF ] <Packet Direction>, <rule:%d>
DESCRIPTION: Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched (or did not match) a configured firewall rule (denoted by its number) and was blocked or forwarded according to the rule.

LOG MESSAGE: Triangle route packet forwarded: [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
DESCRIPTION: The firewall allowed a triangle route session to pass through.

LOG MESSAGE: Packet without a NAT table entry blocked: [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
DESCRIPTION: The router blocked a packet that didn't have a corresponding NAT table entry.

LOG MESSAGE: Router sent blocked web site message: TCP
DESCRIPTION: The router sent a message to notify a user that the router blocked access to a web site that the user requested.

LOG MESSAGE: Exceed maximum sessions per host (%d).
DESCRIPTION: The device blocked a session because the host's connections exceeded the maximum sessions per host.

LOG MESSAGE: Firewall allowed a packet that matched a NAT session: [ TCP | UDP ]
DESCRIPTION: A packet from the WAN (TCP or UDP) matched a cone NAT session and the device forwarded it to the LAN.

Table 93 TCP Reset Logs

LOG MESSAGE: Under SYN flood attack, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a host was under a SYN flood attack. (The TCP incomplete count is per destination host.)

LOG MESSAGE: Exceed TCP MAX incomplete, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (The TCP incomplete count is per destination host.)

LOG MESSAGE: Peer TCP state out of order, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a TCP connection state was out of order. Note: The firewall refers to RFC 793 Figure 6 to check the TCP state.

LOG MESSAGE: Firewall session time out, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a dynamic firewall session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds
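
The following is an added example, not part of the ZyXEL manual: a Python classifier that maps exported log message text onto the templates in Tables 92 and 93 and counts the messages that indicate connection-exhaustion pressure. It assumes each bracketed choice is logged as a single protocol name; the category names, the "WAN to LAN" direction text and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

PROTO = r"\s*(?P<proto>TCP|UDP|IGMP|ESP|GRE|OSPF)\b"

# One regex per message template from Tables 92 and 93; category names are hypothetical.
TEMPLATES = [
    ("default_policy", rf"Firewall default policy:{PROTO}"),
    ("rule", rf"Firewall rule (?P<neg>NOT )?match:{PROTO}.*?rule:\s*(?P<rule>\d+)"),
    ("triangle_route", rf"Triangle route packet forwarded:{PROTO}"),
    ("no_nat_entry", rf"Packet without a NAT table entry blocked:{PROTO}"),
    ("web_block_notice", r"Router sent blocked web site message:\s*TCP"),
    ("session_limit", r"Exceed maximum sessions per host \((?P<limit>\d+)\)"),
    ("nat_session", rf"Firewall allowed a packet that matched a NAT session:{PROTO}"),
    ("syn_flood_rst", r"Under SYN flood attack, sent TCP RST"),
    ("max_incomplete_rst", r"Exceed TCP MAX incomplete, sent TCP RST"),
    ("state_rst", r"Peer TCP state out of order, sent TCP RST"),
    ("timeout_rst", r"Firewall session time out, sent TCP RST"),
]
COMPILED = [(name, re.compile(rx)) for name, rx in TEMPLATES]

# Categories treated as connection-exhaustion pressure (a triage choice, not from the manual).
PRESSURE = {"session_limit", "syn_flood_rst", "max_incomplete_rst"}

def classify(message):
    """Return the category plus captured fields for a known message, else None."""
    for name, rx in COMPILED:
        m = rx.search(message)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v is not None}
            if name == "rule":
                # "NOT match" means the packet did not match the numbered rule.
                fields["matched"] = fields.pop("neg", None) is None
                fields["rule"] = int(fields["rule"])
            return {"category": name, **fields}
    return None

def summarize(messages):
    """Count categories; unknown text is tallied as 'unparsed' rather than dropped."""
    counts = Counter()
    for msg in messages:
        hit = classify(msg)
        counts[hit["category"] if hit else "unparsed"] += 1
    return counts, sum(counts[c] for c in PRESSURE)

# Constructed sample messages; the direction text and numbers are made up.
SAMPLE = [
    "Firewall default policy: TCP WAN to LAN",
    "Firewall rule NOT match: UDP WAN to LAN, rule:3",
    "Under SYN flood attack, sent TCP RST",
    "Exceed TCP MAX incomplete, sent TCP RST",
    "Exceed maximum sessions per host (512).",
    "Link up",
]
```

Keeping an "unparsed" bucket makes format drift visible: if a firmware update changes the message wording, the count rises instead of events silently disappearing from the summary.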
