Table 82 Packet Filter Logs; Table 83 Icmp Logs - ZyXEL Communications ZyXEL NBG334W User Manual
802.11g wireless firewall router
Hide thumbs
Also See for ZyXEL NBG334W:
- Quick start manual (71 pages) ,
- Setup port-forwarding (5 pages) ,
- Manual (5 pages)
Table of Contents
Advertisement
Table 81 TCP Reset Logs (continued)
LOG MESSAGE
Firewall session time
out, sent TCP RST
Exceed MAX incomplete,
sent TCP RST
Access block, sent TCP
RST
Table 82 Packet Filter Logs
LOG MESSAGE
[TCP | UDP | ICMP | IGMP |
Generic] packet filter
matched (set:%d, rule:%d)
Table 83 ICMP Logs
LOG MESSAGE
Firewall default policy: ICMP
<Packet Direction>, <type:%d>,
<code:%d>
Firewall rule [NOT] match: ICMP
<Packet Direction>, <rule:%d>,
<type:%d>, <code:%d>
Triangle route packet forwarded:
ICMP
Packet without a NAT table entry
blocked: ICMP
Unsupported/out-of-order ICMP:
ICMP
Router reply ICMP packet: ICMP
NBG334W User's Guide
DESCRIPTION
The router sent a TCP reset packet when a dynamic firewall
session timed out.
The default timeout values are as follows:
ICMP idle timeout: 3 minutes
UDP idle timeout: 3 minutes
TCP connection (three way handshaking) timeout: 270 seconds
TCP FIN-wait timeout: 2 MSL (Maximum Segment Lifetime set in
the TCP header).
TCP idle (established) timeout (s): 150 minutes
TCP reset timeout: 10 seconds
The router sent a TCP reset packet when the number of
incomplete connections (TCP and UDP) exceeded the user-
configured threshold. (Incomplete count is for all TCP and UDP
connections through the firewall.)Note: When the number of
incomplete connections (TCP + UDP) > "Maximum Incomplete
High", the router sends TCP RST packets for TCP connections
and destroys TOS (firewall dynamic sessions) until incomplete
connections < "Maximum Incomplete Low".
The router sends a TCP RST packet and generates this log if you
turn on the firewall TCP reset mechanism (via CI command: "sys
firewall tcprst").
DESCRIPTION
Attempted access matched a configured filter rule (denoted
by its set and rule number) and was blocked or forwarded
according to the rule.
DESCRIPTION
ICMP access matched the default policy and was
blocked or forwarded according to the user's setting. For
type and code details, see
ICMP access matched (or didn't match) a firewall rule
(denoted by its number) and was blocked or forwarded
according to the rule. For type and code details, see
Table 92 on page
204.
The firewall allowed a triangle route session to pass
through.
The router blocked a packet that didn't have a
corresponding NAT table entry.
The firewall does not support this kind of ICMP packets
or the ICMP packets are out of order.
The router sent an ICMP reply packet to the sender.
Chapter 20 Logs
Table 92 on page
204.
199
Advertisement
Table of Contents
Troubleshooting
