Hi everybody,
I'm using a PIX 515. I'm trying to figure out what exactly happens when outgoing
(send) connections go through PIX, but incoming (receive) connections don't. I
made all incoming traffic destined to a server (protected by the PIX) NOT to
pass through PIX. It does not work, as we know. But the question is about
interpreting the related log files. For each connection from my server to an
Internet destination, there were at least the following three log entries on
PIX:

May 6 17:57:40 PIX %PIX-6-302001: Built outbound TCP connection 4638593 for faddr INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394
May 6 17:57:40 PIX %PIX-6-302002: Teardown TCP connection 4638593 faddr INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394 duration 0:00:00 bytes 0 (TCP Reset-I)
May 6 17:57:43 PIX %PIX-6-106015: Deny TCP (no connection) from INTERNET-HOST/80 to MY-SERVER/2394 flags RST

The question is the meaning of the last entry. If the incoming packets to my
server do not pass through PIX (which they surely do not), which incoming packet
(with the RST bit on) is denied by PIX?
Any idea? Sorry if it sounds confusing. Let me ask again for any book, website
or something, including more details about PIX's commands, logs and ...
thanks a lot,
Nazila
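
Added example, not part of the original post: a small Python correlator that ties each 106015 "Deny TCP (no connection)" entry to the most recent 302002 teardown logged for the same foreign/local address pair, run over the three entries quoted above. The function name, the result field names and the placeholder year are assumptions of this example.

```python
import re
from datetime import datetime

# The three entries quoted in the post, with the wrapped lines rejoined.
SAMPLE = """\
May 6 17:57:40 PIX %PIX-6-302001: Built outbound TCP connection 4638593 for faddr INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394
May 6 17:57:40 PIX %PIX-6-302002: Teardown TCP connection 4638593 faddr INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394 duration 0:00:00 bytes 0 (TCP Reset-I)
May 6 17:57:43 PIX %PIX-6-106015: Deny TCP (no connection) from INTERNET-HOST/80 to MY-SERVER/2394 flags RST
"""

HEAD = re.compile(r"^(\w{3} +\d+ [\d:]+) \S+ %PIX-\d-(\d{6}): (.*)$")
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) faddr (\S+) gaddr \S+ "
                      r"laddr (\S+) duration \S+ bytes (\d+) \((.*)\)")
DENY = re.compile(r"Deny TCP \(no connection\) from (\S+) to (\S+) flags (.+)")


def correlate(text, year=2000):
    """Tie each 106015 deny to the last 302002 teardown on the same address pair.

    Syslog timestamps carry no year; `year` is a placeholder (assumption) that
    only matters for computing the gap between two entries.
    """
    closed = {}      # (foreign addr/port, local addr/port) -> teardown details
    findings = []
    for line in text.splitlines():
        head = HEAD.match(line.strip())
        if not head:
            continue
        when = datetime.strptime(f"{year} {head.group(1)}", "%Y %b %d %H:%M:%S")
        msg_id, body = head.group(2), head.group(3)
        if msg_id == "302002" and (t := TEARDOWN.search(body)):
            closed[(t.group(2), t.group(3))] = {
                "conn": t.group(1), "at": when,
                "bytes": int(t.group(4)), "reason": t.group(5)}
        elif msg_id == "106015" and (d := DENY.search(body)):
            # Matching on laddr assumes gaddr == laddr, as in the post's entries.
            prev = closed.get((d.group(1), d.group(2)))  # None: no teardown seen
            findings.append({
                "from": d.group(1), "to": d.group(2), "flags": d.group(3).strip(),
                "conn": prev["conn"] if prev else None,
                "reason": prev["reason"] if prev else None,
                "bytes": prev["bytes"] if prev else None,
                "gap_s": (when - prev["at"]).total_seconds() if prev else None})
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```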