Page 161 / 234 Scroll up to view Page 156 - 160
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Preparing Your Network
C-11
May 2004, 202-10030-02
Restarting the Network
Once you have set up your computers to work with the firewall, you must reset the network for the
devices to be able to communicate correctly. Restart any computer that is connected to the firewall.
After configuring all of your computers for TCP/IP networking and restarting them, and
connecting them to the local network of your FVL328 Firewall, you are ready to access and
configure the firewall.
Page 162 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
C-12
Preparing Your Network
May 2004, 202-10030-02
Page 163 / 234
Firewall Log Formats
D-1
May 2004, 202-10030-02
Appendix D
Firewall Log Formats
Action List
Drop:
Packet dropped by Firewall current inbound or outbound rules.
Reset:
TCP session reset by Firewall.
Forward:
Packet forwarded by Firewall to the next hop based on matching the criteria in
the rules table.
Receive:
Packet was permitted by the firewall rules and modified prior to being
forwarded and/or replied to.
Field List
<DATE><TIME>:
Log's date and time
<EVENT>:
Event is that access the device or access other host via the device
<PKT_TYPE>:
Packet type pass Firewall
<SRC_IP><DST_IP>:
IP address in the packet
<SRC_PORT><DST_PORT>:
Port in the packet
<SRC_INF><DST_INF>:
Include `LAN` and `WAN` (optional)
<ACTION>:
As `Action List` referenced
<DESCRIPTION>:
A complement to the log (optional)
<DIRECTION>:
Inbound and Outbound
<SERVICE>:
Firewall costumed service
Outbound Log
Outgoing packets that match the Firewall rules are logged.
Page 164 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
D-2
Firewall Log Formats
May 2004, 202-10030-02
The format is:
<DATE> <TIME> <PKT_TYPE> <SRC_IP> <SRC_INF> <DST_IP > <DST_INF>
<ACTION><DESCRIPTION>
[Fri, 2003-12-05 22:19:42] - UDP Packet - Source:172.31.12.233,138 ,WAN -
Destination:172.31.12.255,138 ,LAN [Drop] - [Inbound Default rule match]
[Fri, 2003-12-05 22:35:04] - TCP Packet - Source:172.31.12.156,34239 ,WAN -
Destination:192.168.0.10,21[FTP Control] ,LAN [Forward] - [Inbound Rule(1)
match]
[Fri, 2003-12-05 22:35:11] - UDP Packet - Source:172.31.12.200,138 ,WAN -
Destination:172.31.12.255,138 ,LAN [Forward] - [Inbound Rule(1) not match]
Notes:
SRC_INF = WAN
DST_INF = LAN
DESCRIPTION = "Inbound rule match", "Inbound Default rule match"
PKT_TYPE = "UDP packet", "TCP connection", "ICMP packet"
Inbound Log
Incoming packets that match the Firewall rules are logged.
The format is:
<DATE> <TIME> <PKT_TYPE> <SRC_IP> <SRC_INF> <DST_IP > <DST_INF>
<ACTION><DESCRIPTION>
[Fri, 2003-12-05 22:59:56] - ICMP Packet [Echo Request] - Source:192.168.0.10,LAN
- Destination:192.168.0.1,WAN [Forward] - [Outbound Default rule match]
[Fri, 2003-12-05 23:00:58] - ICMP Packet [Echo Request] - Source:192.168.0.10,LAN
- Destination:172.31.12.200,WAN [Forward] - [Outbound Default rule match]
[Fri, 2003-12-05 23:02:30] - TCP Packet - Source:192.168.0.10,3472 ,LAN -
Destination:216.239.39.99,80[HTTP] ,WAN [Forward] - [Outbound Default rule
match]
Notes:
SRC_INF = LAN
DST_INF = WAN
DESCRIPTION = "Outbound rule match", "Outbound Default rule match"
PKT_TYPE = "UDP packet", "TCP connection", "ICMP packet"
Other IP Traffic
Some special packets matching the Firewall rules, like VPN connection, etc. are logged.
Page 165 / 234
Model FVL328 ProSafe High-Speed VPN Firewall Reference Manual Revision 2
Firewall Log Formats
D-3
May 2004, 202-10030-02
The format is:
<DATE><TIME><PKT_TYPE>< SRC_IP><SRC_PORT ><SRC_INF>< DST_IP><DST_PORT
><DST_PORT><ACTION><DESCRIPTION>
<DATE><TIME> <PKT_TYPE> <SRC_IP> <SRC_INF> <DST_IP> <DST_INF> <ACTION>
<DESCRIPTION>
[Wed, 2003-07-30 17:43:28] - IPSEC Packet - Source: 64.3.3.201, 37180 WAN -
Destination: 10.10.10.4,80[HTTP] LAN - [Drop] [VPN Packet]
[Wed, 2003-07-30 18:44:50] - IP Packet [Type Field: 321] - Source 18.7.21.69
192.168.0.3 - [Drop]
Notes:
DESCRIPTION = "VPN Packet"
PKT_TYPE = "GRE", "AH", "ESP", "IP packet [Type Field: Num]", "IPSEC"
ACTION = "Forward", "Drop"
Router Operation
Operations that the router initiates are logged.
The format is:
<DATE><TIME><EVENT>
[Wed, 2003-07-30 16:30:59] - Log emailed
[Wed, 2003-07-30 13:38:31] - NETGEAR activated
[Wed, 2003-07-30 13:42:01] - NTP Reply Invalid
The format is:
<DATE><TIME><EVENT><DST_IP>
<DATE><TIME><EVENT><SRC_IP>
[Wed, 2003-07-30 16:32:33] - Send out NTP Request to 207.46.130.100
[Wed, 2003-07-30 16:35:27] - Receive NTP Reply from 207.46.130.100

Rate

4 / 5 based on 1 vote.

Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top