This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IVIEW / UTM / RULE 60002

i m trying iview on my utm.

So i check the results , and see that dashboard:

What is this rule 60002 ??

I looked for it , and didn t understand exactly what it is .

May this kind of "rule" or blocking traffic reduce my network reactivity?

 

 



This thread was automatically locked due to age.
Parents
  • You will see default drops during session shutdown.   UTM's connection tracker closes its state tracker when it sees a disconnect request from either direction.   When the finish confirmation comes from the other end, it is blocked.    TCPFlags on those records will have FIN or RST.   These situations should be ignored.

  • What Douglas says is, that you will also see RST and FIN packets hit the default drop rules. I personally filter those out with a 'grep -Pv "RST|FIN"' while tailing through the raw packet filter logs on the firewalls themselves.

    It would be nice to see an option to disable these kind of log messages based on their TCP-flags. But being able to create an any rule dropping only for flags RST and FIN, would also suffice, as one could make that the last/bottom rule without logging. 

Reply
  • What Douglas says is, that you will also see RST and FIN packets hit the default drop rules. I personally filter those out with a 'grep -Pv "RST|FIN"' while tailing through the raw packet filter logs on the firewalls themselves.

    It would be nice to see an option to disable these kind of log messages based on their TCP-flags. But being able to create an any rule dropping only for flags RST and FIN, would also suffice, as one could make that the last/bottom rule without logging. 

Children
No Data