ZyXEL Communications zywall 50 User Manual
ZyWALL 50 Internet Security Gateway
Introducing the ZyWALL Firewall
8-3
Table 8-1 View Firewall Log
FIELD DESCRIPTION
EXAMPLES
#
This is the index number of the firewall log. 128 entries
are available numbered from 0 to 127. Once they are
all used, the log will wrap around and the old logs will
be lost.
are available numbered from 0 to 127. Once they are
all used, the log will wrap around and the old logs will
be lost.
23
mm:dd:yy
e.g., Jan 1 00
Time
This is the time the log was recorded in this format.
You must configure menu 24.10 for real time;
otherwise the clock will start at 2000/01/01 00:00:00
the last time the ZyWALL was reset.
You must configure menu 24.10 for real time;
otherwise the clock will start at 2000/01/01 00:00:00
the last time the ZyWALL was reset.
hh:mm:ss e.g.,
00:00:00
From and To IP addresses
Packet
Information
Information
This field lists packet information such as protocol and
src/dest port numbers (TCP, UDP), or protocol, type
and code (ICMP).
src/dest port numbers (TCP, UDP), or protocol, type
and code (ICMP).
Protocol and port numbers
This field states the reason for the log; i.e., was the
rule matched, not matched or was there an attack. The
set and rule coordinates (<X, Y> where X=1,2;
Y=00~10) follow with a simple explanation. There are
two policy sets;:set 1 (X = 1) is for LAN to WAN rules
and set 2 (X = 2) for WAN to LAN rules. Y represents
the rule in the set. You can configure up to 10 rules in
any set (Y = 01 to 10). Rule number 00 is the default
rule.
rule matched, not matched or was there an attack. The
set and rule coordinates (<X, Y> where X=1,2;
Y=00~10) follow with a simple explanation. There are
two policy sets;:set 1 (X = 1) is for LAN to WAN rules
and set 2 (X = 2) for WAN to LAN rules. Y represents
the rule in the set. You can configure up to 10 rules in
any set (Y = 01 to 10). Rule number 00 is the default
rule.
not match
<1,01> dest IP
This means this packet does
not match the destination IP
address in set 1, rule 1. Other
reasons (instead of dest IP)
are src IP, dest port, src port
and protocol.
not match the destination IP
address in set 1, rule 1. Other
reasons (instead of dest IP)
are src IP, dest port, src port
and protocol.
Reason
This is a log for a DoS attack.
attack
land, ip spoofing, icmp echo,
icmp vulnerability, NetBIOS,
smtp illegal command,
traceroute, teardrop or syn
flood
icmp vulnerability, NetBIOS,
smtp illegal command,
traceroute, teardrop or syn
flood
Action
This field displays whether the packet was blocked or
forwarded. None means that no action is dictated by
this rule.
forwarded. None means that no action is dictated by
this rule.
block, forward
or none
After viewing the firewall log, ENTER “y” to clear the log or “n” to retain it. With either option you will be
returned to Menu 21- Filter and Firewall Setup.
returned to Menu 21- Filter and Firewall Setup.