ZyXEL p-2302hw-p1 Manual Do Utilizador
P-2302HW/HWL-P1 Series User’s Guide
258
Chapter 21 Logs
F
or type and code details, see
.
Firewall session time
out, sent TCP RST
The router sent a TCP reset packet when a dynamic firewall
session timed out.
session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in
the TCP header).
the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds
Exceed MAX incomplete,
sent TCP RST
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the user-
configured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections
and destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
incomplete connections (TCP and UDP) exceeded the user-
configured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > “Maximum Incomplete
High”, the router sends TCP RST packets for TCP connections
and destroys TOS (firewall dynamic sessions) until incomplete
connections < “Maximum Incomplete Low”.
Access block, sent TCP
RST
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command:
turn on the firewall TCP reset mechanism (via CI command:
sys
firewall tcprst
).
Table 114 Packet Filter Logs
LOG MESSAGE
DESCRIPTION
[ TCP | UDP | ICMP | IGMP |
Generic ] packet filter
matched (set: %d, rule: %d)
Attempted access matched a configured filter rule (denoted by
its set and rule number) and was blocked or forwarded
according to the rule.
its set and rule number) and was blocked or forwarded
according to the rule.
Table 115 ICMP Logs
LOG MESSAGE
DESCRIPTION
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
ICMP access matched the default policy and was blocked
or forwarded according to the user's setting.
or forwarded according to the user's setting.
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
ICMP access matched (or didn’t match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule.
(denoted by its number) and was blocked or forwarded
according to the rule.
Triangle route packet forwarded:
ICMP
The firewall allowed a triangle route session to pass
through.
through.
Packet without a NAT table entry
blocked: ICMP
The router blocked a packet that didn’t have a
corresponding NAT table entry.
corresponding NAT table entry.
Table 113 TCP Reset Logs (continued)
LOG MESSAGE
DESCRIPTION