3 Replies Latest reply on Nov 12, 2012 12:53 PM by most_ahdy

    NV7100 firewall cli log clarification request

    most_ahdy New Member

      Hi,

         Recently I am always receiving the below CLI log, which is related to the firewall. Kindly, I need a clarification about this:

      012.11.03 15:42:29 FIREWALL id=firewall time="2012-11-03 15:42:29" fw=NV7100 pri=1 rule=6 proto=1027/udp src=A.B.C.1 dst=A.B.C.15 msg="Data connection not established from remote from SELF policy-class on interface Loopback" agent=AdFirewall

      Please note that the network A.B.C.0 is my VoIP VLAN, and A.B.C.1 is the VoIP VLAN interface.

       

      Thanks,

      Mostafa Aly

        • Re: NV7100 firewall cli log clarification request
          Employee

          The AOS firewall attack log messages are found in the "Configuring the Firewall (IPv4) in AOS" guide, in Appendix A, starting on page 58.

           

          This specific message is found on page 63:


          Short Definition: No connection from remote

           

          Description: Indicates that a passive association has timed out without being used. Passive associations are typically created by ALGs to anticipate the reception of returning traffic. If a malicious user is purposely using an application in such a way to open holes through the firewall for malicious purposes, this could be an attack. In some cases, this is a valid message to receive. For example, the SIP ALG will create a passive association anticipating Real-Time Transport Control Protocol (RTCP) traffic. If the user agent never sends RTCP, then this association will never become active, resulting in one occurrence of this threat.

           

          Thanks,
          Matt
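
Added example, not part of the original thread or the AOS guide: a Python script that parses log lines in the key=value layout shown in the question and counts "Data connection not established from remote" events per flow, so that the single occurrences the guide describes as valid can be separated from repeats. The sample lines are constructed (documentation addresses instead of the masked A.B.C.x ones), and the threshold of 3 is an assumed cut-off.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or runs to the next space.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
PASSIVE_TIMEOUT = "Data connection not established from remote"

def parse_line(line):
    """Return the key=value fields of one firewall log line as a dict."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in PAIR.findall(line)}

def passive_timeouts(lines):
    """Count passive-association timeouts per (src, dst, proto) flow."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("id") == "firewall" and f.get("msg", "").startswith(PASSIVE_TIMEOUT):
            counts[(f.get("src"), f.get("dst"), f.get("proto"))] += 1
    return counts

def review(lines, threshold=3):
    """Flows at or above the threshold (an assumed cut-off, tune per site)."""
    return {flow: n for flow, n in passive_timeouts(lines).items() if n >= threshold}

# Constructed sample input: same layout as the line in the question, with
# documentation addresses (192.0.2.0/24) in place of the masked A.B.C.x ones.
MSG = PASSIVE_TIMEOUT + " from SELF policy-class on interface Loopback"
TEMPLATE = ('2012.11.03 15:42:{s:02d} FIREWALL id=firewall '
            'time="2012-11-03 15:42:{s:02d}" fw=NV7100 pri=1 rule=6 proto={proto} '
            'src=192.0.2.1 dst={dst} msg="{msg}" agent=AdFirewall')
SAMPLE = [TEMPLATE.format(s=i, proto="1027/udp", dst="192.0.2.15", msg=MSG)
          for i in range(4)]
SAMPLE += [
    TEMPLATE.format(s=10, proto="1029/udp", dst="192.0.2.20", msg=MSG),
    TEMPLATE.format(s=11, proto="1029/udp", dst="192.0.2.20",
                    msg="constructed unrelated message"),
]

if __name__ == "__main__":
    for flow, n in sorted(passive_timeouts(SAMPLE).items()):
        print(flow, n)
    print("needs review:", review(SAMPLE))
```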