ZyXEL P-660HW-T1 v2 User Guide - Page 231
Table 91, Table 92
View all ZyXEL P-660HW-T1 v2 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 231 highlights
P-660HW-T v2 User's Guide Table 91 Access Control Logs LOG MESSAGE DESCRIPTION Firewall default policy: [TCP | UDP | IGMP | ESP | GRE | OSPF] Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched the default policy and was blocked or forwarded according to the default policy's setting. Firewall rule [NOT] match:[TCP | UDP | IGMP | ESP | GRE | OSPF] , Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access matched (or did not match) a configured firewall rule (denoted by its number) and was blocked or forwarded according to the rule. Triangle route packet forwarded: The firewall allowed a triangle route session to pass [TCP | UDP | IGMP | ESP | GRE | through. OSPF] Packet without a NAT table entry The router blocked a packet that didn't have a blocked: [TCP | UDP | IGMP | ESP corresponding NAT table entry. | GRE | OSPF] Router sent blocked web site message: TCP The router sent a message to notify a user that the router blocked access to a web site that the user requested. Table 92 TCP Reset Logs LOG MESSAGE Under SYN flood attack, sent TCP RST Exceed TCP MAX incomplete, sent TCP RST Peer TCP state out of order, sent TCP RST Firewall session time out, sent TCP RST DESCRIPTION The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.) The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.) Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen. The router sent a TCP reset packet when a TCP connection state was out of order.Note: The firewall refers to RFC793 Figure 6 to check the TCP state. The router sent a TCP reset packet when a dynamic firewall session timed out. The default timeout values are as follows: ICMP idle timeout: 3 minutes UDP idle timeout: 3 minutes TCP connection (three way handshaking) timeout: 270 seconds TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in the TCP header). TCP idle (established) timeout (s): 150 minutes TCP reset timeout: 10 seconds Chapter 18 Logs 231