beautypg.com

ZyXEL Communications NBG410W3G User Manual

Page 314

background image

Chapter 19 Logs Screens

NBG410W3G Series User’s Guide

314

Table 98 Access Control Logs

LOG MESSAGE

DESCRIPTION

Firewall default policy: [ TCP |
UDP | IGMP | ESP | GRE | OSPF ]

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access

matched the default policy and was blocked or forwarded

according to the default policy’s setting.

Firewall rule [NOT] match:[ TCP
| UDP | IGMP | ESP | GRE | OSPF
] ,

Attempted TCP/UDP/IGMP/ESP/GRE/OSPF access

matched (or did not match) a configured firewall rule

(denoted by its number) and was blocked or forwarded

according to the rule.

Triangle route packet forwarded:
[ TCP | UDP | IGMP | ESP | GRE |
OSPF ]

The firewall allowed a triangle route session to pass

through.

Packet without a NAT table entry
blocked: [ TCP | UDP | IGMP |
ESP | GRE | OSPF ]

The router blocked a packet that didn't have a

corresponding NAT table entry.

Router sent blocked web site
message: TCP

The router sent a message to notify a user that the router

blocked access to a web site that the user requested.

Exceed maximum sessions per host
(%d).

The device blocked a session because the host's

connections exceeded the maximum sessions per host.

Firewall allowed a packet that
matched a NAT session: [ TCP |
UDP ]

A packet from the WAN (TCP or UDP) matched a cone

NAT session and the device forwarded it to the LAN.

Table 99 TCP Reset Logs

LOG MESSAGE

DESCRIPTION

Under SYN flood attack,
sent TCP RST

The router sent a TCP reset packet when a host was under a SYN

flood attack (the TCP incomplete count is per destination host.)

Exceed TCP MAX
incomplete, sent TCP RST

The router sent a TCP reset packet when the number of TCP

incomplete connections exceeded the user configured threshold.

(the TCP incomplete count is per destination host.) Note: Refer to

TCP Maximum Incomplete in the Firewall Attack Alerts screen.

Peer TCP state out of
order, sent TCP RST

The router sent a TCP reset packet when a TCP connection state

was out of order.Note: The firewall refers to RFC793 Figure 6 to

check the TCP state.

Firewall session time
out, sent TCP RST

The router sent a TCP reset packet when a dynamic firewall

session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in

the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds

See also other documents in the category ZyXEL Communications Hardware: