Cisco Cisco Firepower 4110 Security Appliance
Table 182: DefensePro Attack-Protection IDs (cont.)
ID Number
or Range
or Range
Attack-Protection
Name
Name
Category
(for
Reporting)
Reporting)
Defau
lt
Risk
lt
Risk
Defau
lt
Actio
n
lt
Actio
n
Repo
rt
Actio
n
rt
Actio
n
Description
727
SYN Protect full table
Medium
According to
policy Action
Used when the SYN Protection table is full
and the module cannot handle more
concurrent authentication processes. New
verified ACK (or data) packets will be
discarded as long as the table is full.
729
SYN Protect out of context
Info
According to
policy Action
Used when a packet that does not match
an existing session arrives during the
authentication process. The packet will be
deleted and a RESET will be sent to the
source.
730
SYN Protect unverified
cookie
Info
Drop
Used when a ACK packet arrives with a SYN
cookie that does not match the one sent by
the DefensePro device.
This error is generated only when the
This error is generated only when the
policy is configured with Block and Report.
731
SYN Protect incompleteness
Info
Drop
(This event is not relevant before
version 5.1x.)
Used when a new session is aged
Used when a new session is aged
during the authentication process
before the first data packet has
arrived.
732
SYN Protect delete wrong
tcp
Info
Drop
Used when an unexpected packet or one
with illegal TCP flags arrives during the
authentication process. The packet will be
discarded.
740
TCP session dropped
Stateful-ACL
High
Drop
Reports on traffic that matched an ACL
policy.
741
TCP session allowed
Stateful-ACL
Info
Forward
Reports on traffic that matched an ACL
policy.
© 2016 Cisco | Radware. All rights reserved. This document is Cisco Public.
Page 261 of 281