ZyXEL Communications 10 User Manual

ZyWALL 10~100 Series Internet Security Gateway

Log Descriptions

77

Chart Q-6 Access Logs

LOG MESSAGE

DESCRIPTION

Firewall sent TCP

reset packets

The firewall sent out TCP reset packets.

Packet without a NAT

table entry blocked

The router blocked a packet that did not have a corresponding NAT
table entry.

Out of order TCP

handshake packet

blocked

The router blocked a TCP handshake packet that came out of the
proper order

Drop unsupported/out-

of-order ICMP

The ZyWALL generates this log after it drops an ICMP packet due to
one of the following two reasons:

1. The ZyWALL does not support the ICMP packet's protocol.

2. The ICMP packet is an echo reply for which there was no
corresponding echo request.

Router sent ICMP

response packet

(type:%d, code:%d)

The router sent an ICMP response packet. This packet automatically
bypasses the firewall. See the section on ICMP messages for type
and code details.

Chart Q-7 ACL Setting Notes

ACL SET

NUMBER

DIRECTION DESCRIPTION

1

LAN to WAN

ACL set 1 for packets traveling from the LAN to the WAN.

2

WAN to LAN

ACL set 2 for packets traveling from the WAN to the LAN.

3

DMZ to LAN

ACL set 3 for packets traveling from the DMZ to the LAN.

4

DMZ to WAN

ACL set 4 for packets traveling from the DMZ to the WAN.

5

WAN to DMZ

ACL set 5 for packets traveling from the WAN to the DMZ.

6

LAN to DMZ

ACL set 6 for packets traveling from the LAN to the DMZ.

7

LAN to
LAN/ZyWALL

ACL set 7 for packets traveling from the LAN to the LAN or the
ZyWALL.

8

WAN to
WAN/ZyWALL

ACL set 8 for packets traveling from the WAN to the WAN or the
ZyWALL.