Chapter 32 Logs Screens
ZyWALL 5/35/70 Series User’s Guide
Table 175 Access Control Logs (continued)

LOG MESSAGE: Triangle route packet forwarded: [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
DESCRIPTION: The firewall allowed a triangle route session to pass through.

LOG MESSAGE: Packet without a NAT table entry blocked: [ TCP | UDP | IGMP | ESP | GRE | OSPF ]
DESCRIPTION: The router blocked a packet that didn't have a corresponding NAT table entry.

LOG MESSAGE: Router sent blocked web site message: TCP
DESCRIPTION: The router sent a message to notify a user that the router blocked access to a web site that the user requested.

LOG MESSAGE: Exceed maximum sessions per host (%d).
DESCRIPTION: The device blocked a session because the host's connections exceeded the maximum sessions per host.

LOG MESSAGE: Firewall allowed a packet that matched a NAT session: [ TCP | UDP ]
DESCRIPTION: A packet from the WAN (TCP or UDP) matched a cone NAT session and the device forwarded it to the LAN.

LOG MESSAGE: Firewall matches a dynamic ACL rule of an ALG session
DESCRIPTION: A packet matches a dynamic ACL rule created in an ALG session.

LOG MESSAGE: Maximum number of dynamic ACL rules exceeded.
DESCRIPTION: The number of dynamic ACL rules exceeds the maximum allowed.

LOG MESSAGE: Dynamic ACL rule, listening port : %d, peer port : %d already exists.
DESCRIPTION: The dynamic ACL rule already exists.

LOG MESSAGE: <srcMAC> was bind to [legalIP] but he uses [srcIP].
DESCRIPTION: The device’s IP address is different from the IP address assigned to this device. This log also records if the IP address assigned to this device is used by another device.

LOG MESSAGE: DHCP Server dynamic assigned [legalIP] to [srcMac] but he uses [srcIP].
DESCRIPTION: The dynamically assigned IP address differs from the IP address used by the device.

LOG MESSAGE: [srcMac] uses an untrusty IP address [srcIP].
DESCRIPTION: This device is using an IP address that does not fall within the specified range of trusted IP addresses.

Table 176 TCP Reset Logs

LOG MESSAGE: Under SYN flood attack, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a host was under a SYN flood attack (the TCP incomplete count is per destination host.)

LOG MESSAGE: Exceed TCP MAX incomplete, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when the number of TCP incomplete connections exceeded the user configured threshold. (the TCP incomplete count is per destination host.)
Note: Refer to TCP Maximum Incomplete in the Firewall Attack Alerts screen.

LOG MESSAGE: Peer TCP state out of order, sent TCP RST
DESCRIPTION: The router sent a TCP reset packet when a TCP connection state was out of order.
Note: The firewall refers to RFC793 Figure 6 to check the TCP state.