2.13. CONN

Home Prev	cOS Core 15.00.01 Log Reference Guide	Next

2.13.1. conn_open (ID: 00600001)

Default Severity: INFORMATIONAL
Log Message: Connection opened
Explanation: A connection has been opened.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: Rule Information
Connection
Packet Buffer

2.13.2. conn_close (ID: 00600002)

Default Severity: INFORMATIONAL
Log Message: Connection closed
Explanation: A connection has been closed.
Firewall Action: close
Recommended Action: None
Revision: 3
Parameters: reason
Context Parameters: Rule Information
Connection

2.13.3. connection_table_full (ID: 00600003)

Default Severity: WARNING
Log Message: Closing (replacing) this connection; connection table full
Explanation: The connection table is currently full and the unit needs to open a new connection. This specific connection is closed and replaced with the new connection.
Firewall Action: replacing_conn
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Connection

2.13.4. conn_open_natsat (ID: 00600004)

Default Severity: INFORMATIONAL
Log Message: Connection opened
Explanation: A connection has been opened.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: Rule Information
Connection
Packet Buffer

2.13.5. conn_close_natsat (ID: 00600005)

Default Severity: INFORMATIONAL
Log Message: Connection closed
Explanation: A connection has been closed.
Firewall Action: close
Recommended Action: None
Revision: 3
Parameters: reason
Context Parameters: Rule Information
Connection

2.13.6. out_of_connections (ID: 00600010)

Default Severity: WARNING
Log Message: Out of connections. Rejecting connection attempt
Explanation: The connection table is currently full and this new connection attempt will be rejected.
Firewall Action: reject
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.13.7. out_of_connections (ID: 00600011)

Default Severity: WARNING
Log Message: Out of connections. Dropping connection attempt
Explanation: The connection table is currently full and this new connection attempt will be dropped.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.13.8. no_new_conn_for_this_packet (ID: 00600012)

Default Severity: WARNING
Log Message: State inspector would not open a new connection for this TCP packet, rejecting
Explanation: State inspector would not open a new connection for this TCP packet since the combination of TCP flags is wrong. Only packets with the SYN TCP-flag set as the only TCP flag are allowed to open a new TCP connection.
Firewall Action: reject
Recommended Action: None
Revision: 1
Parameters: protocol
Context Parameters: Rule Name
Packet Buffer

2.13.9. no_new_conn_for_this_packet (ID: 00600013)

Default Severity: WARNING
Log Message: State inspector would not open a new connection for this ICMP packet, dropping packet
Explanation: State inspector would not open a new connection for this ICMP packet since it is not an ICMP Echo Request. Only Echo Requests are allowed to open a new ICMP connection.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: protocol
Context Parameters: Rule Name
Packet Buffer

2.13.10. no_return_route (ID: 00600014)

Default Severity: WARNING
Log Message: Failed to open a new connection since a return route to the sender address cant be found. Dropping packet
Explanation: There was no return route found to the sender address of the packet. Therefore, a new connection could not be opened and the packet is dropped.
Firewall Action: reject
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Connection
Packet Buffer

2.13.11. reverse_connect_attempt (ID: 00600015)

Default Severity: WARNING
Log Message: Disallowed reverse connect attempt from peer. Dropping
Explanation: State inspector does not allow this packet in reverse direction on the already opened connection. This type of packet is only allowed to be sent by the originator of a connection. Dropping the packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Connection
Packet Buffer

2.13.12. unknown_icmpv6_type (ID: 00600016)

Default Severity: WARNING
Log Message: State inspector would not open a new connection for this ICMPv6 packet, dropping packet
Explanation: State inspector would not open a new connection for this ICMPv6 packet since it is not an ICMPv6 Echo Request. Only Echo Requests are allowed to open a new ICMPv6 connection.
Firewall Action: drop
Recommended Action: None
Revision: 1
Parameters: protocol
Context Parameters: Rule Name
Packet Buffer

2.13.13. port_0_illegal (ID: 00600020)

Default Severity: WARNING
Log Message: TCP/UDP destination port or TCP source port was set to 0. Dropping
Explanation: The TCP/UDP destination or TCP source port was set to 0, which is not allowed. Dropping packet.
Firewall Action: drop
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.13.14. udp_src_port_0_illegal (ID: 00600021)

Default Severity: WARNING
Log Message: UDP source port is set to 0. Dropping
Explanation: The UDP source port was set to 0. This can be used by UDP streams not expecting return traffic. Dropping packet.
Firewall Action: drop
Recommended Action: If the packet is wanted, change the UDP source port 0 setting.
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.13.15. udp_src_port_0_forwarded (ID: 00600022)

Default Severity: WARNING
Log Message: UDP source port is set to 0. Forwards packet
Explanation: The UDP source port was set to 0. This can be used by UDP streams not expecting return traffic. Forwarding packet.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: Rule Name
Packet Buffer

2.13.16. conn_usage (ID: 00600023)

Default Severity: INFORMATIONAL
Log Message: Connection used to forward a packet.
Explanation: A packet has passed through the connection.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: Packet Buffer

2.13.17. conn_close (ID: 00600032)

Default Severity: INFORMATIONAL
Log Message: Connection closed
Explanation: A connection has been closed.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: reason
Context Parameters: Rule Information
Connection

2.13.18. conn_close (ID: 00600033)

Default Severity: INFORMATIONAL
Log Message: Connection closed
Explanation: A connection has been closed.
Firewall Action: close
Recommended Action: None
Revision: 3
Parameters: reason
Context Parameters: Rule Information
Connection

2.13.19. conn_close_natsat (ID: 00600035)

Default Severity: INFORMATIONAL
Log Message: Connection closed
Explanation: A connection has been closed.
Firewall Action: close
Recommended Action: None
Revision: 2
Parameters: reason
Context Parameters: Rule Information
Connection

2.13.20. active_data (ID: 00600100)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Incoming active data channel
Explanation: An active data channel connection has been established.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.13.21. passive_data (ID: 00600101)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Incoming passive data channel
Explanation: A passive data channel connection has been established.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.13.22. active_data (ID: 00600102)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Active data channel closed
Explanation: An active data channel was closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.13.23. passive_data (ID: 00600103)

Default Severity: INFORMATIONAL
Log Message: FTPALG: Passive data channel closed
Explanation: A passive data channel was closed.
Firewall Action: None
Recommended Action: None
Revision: 1
Context Parameters: ALG Module Name
ALG Session ID
Rule Information
Connection

2.13.24. ip_reputation (ID: 00600120)

Default Severity: INFORMATIONAL
Log Message: IP address reputation query result.
Explanation: The reputation and possibly threat category association of the public IP address.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: ip
score
categories
Context Parameters: Connection

2.13.25. ip_reputation_query_failed (ID: 00600121)

Default Severity: WARNING
Log Message: IP address reputation query failed.
Explanation: The IP reputation query failed. The reason for this is specified in the "reason" parameter.
Firewall Action: None
Recommended Action: None
Revision: 1
Parameters: ip
reason
Context Parameters: Connection

2.13.26. ip_reputation_query_timeout (ID: 00600122)

Default Severity: WARNING
Log Message: IP address reputation query timed out.
Explanation: The IP reputation query failed. The connection timed out.
Firewall Action: None
Recommended Action: Verify that the unit has been configured with Internet access.
Revision: 1
Parameters: ip
Context Parameters: Connection

2.13.27. conn_close_no_slb_server (ID: 00600123)

Default Severity: NOTICE
Log Message: Connection dropped. No reachable SLB server found.
Explanation: A connection has been closed because no SLB reachable server was found.
Firewall Action: close
Recommended Action: Check SLB servers.
Revision: 1
Context Parameters: Connection