beautypg.com

Table 116 packet filter logs table 117 icmp logs – ZyXEL Communications P-334WHD User Manual

Page 263

background image

P-334WHD User’s Guide

Appendix G Log Descriptions

263

Table 116 Packet Filter Logs

LOG MESSAGE

DESCRIPTION

[TCP | UDP | ICMP | IGMP |
Generic] packet filter
matched (set:%d, rule:%d)

Attempted access matched a configured filter rule (denoted by

its set and rule number) and was blocked or forwarded

according to the rule.

Firewall session time
out, sent TCP RST

The router sent a TCP reset packet when a dynamic firewall

session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in

the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds

Exceed MAX incomplete,
sent TCP RST

The router sent a TCP reset packet when the number of

incomplete connections (TCP and UDP) exceeded the user-

configured threshold. (Incomplete count is for all TCP and UDP

connections through the firewall.)Note: When the number of

incomplete connections (TCP + UDP) > “Maximum Incomplete

High”, the router sends TCP RST packets for TCP connections

and destroys TOS (firewall dynamic sessions) until incomplete

connections < “Maximum Incomplete Low”.

Access block, sent TCP
RST

The router sends a TCP RST packet and generates this log if you

turn on the firewall TCP reset mechanism (via CI command: "sys

firewall tcprst").

Table 117 ICMP Logs

LOG MESSAGE

DESCRIPTION

Firewall default policy: ICMP
, ,

ICMP access matched the default policy and was blocked

or forwarded according to the user's setting. For type and

code details, see

Table 126 on page 268

.

Firewall rule [NOT] match: ICMP
, ,
,

ICMP access matched (or didn’t match) a firewall rule

(denoted by its number) and was blocked or forwarded

according to the rule. For type and code details, see

Table 126 on page 268

.

Triangle route packet forwarded:
ICMP

The firewall allowed a triangle route session to pass

through.

Packet without a NAT table entry
blocked: ICMP

The router blocked a packet that didn’t have a

corresponding NAT table entry.

Table 115 TCP Reset Logs (continued)

LOG MESSAGE

DESCRIPTION

See also other documents in the category ZyXEL Communications Hardware: