Dropped Packets from the Internet

When I ran "fw log -c drop", I got tons of dropped packets from the Internet destined to the inside. Here's a sample of the log.

23:50:18 drop eagle.foo.com >hme1 proto tcp src 209.51.11.7 dst 198.216.82.250 service 43425 s_port http len 40 rule 11
23:50:19 drop eagle.foo.com >hme1 proto tcp src 203.137.129.4 dst 198.216.82.250 service 63752 s_port http len 40 rule 11
23:50:42 drop eagle.foo.com >hme1 proto tcp src 206.28.103.5 dst 138.241.79.238 service 4140 s_port http len 40 rule 11

My security policy is basically allow all outgoing, and drop all incoming, which is rule 11.

Answer

If you look at these entries, you'll notice that they are the "reverse" of what they should be (i.e. the source port is http). These entries will sometimes appear because some packets were received after the connection was closed. These are "normal" and should be of no concern.
Unchecking the checkbox "Log Established TCP Connections" in the rulebase properties and re-installing your security policy should prevent these errors from being logged.
In NG AI, go to Policy | Global Properties | Stateful Inspection and look in the out of state packets section.
--
RobertGraham - 16 Mar 2004
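
To see how much of a drop log matches the "reverse" pattern described in the answer, the entries can be sorted by port direction. This is an added example, not part of the original FAQ or of any Check Point tool; the function names, the 1024 port cutoff and the last sample line are assumptions made for illustration.

```python
import re
from collections import Counter

# First three lines are the sample quoted on this page; the fourth is
# constructed here to show an entry that does NOT fit the reply pattern.
SAMPLE = """\
23:50:18 drop eagle.foo.com >hme1 proto tcp src 209.51.11.7 dst 198.216.82.250 service 43425 s_port http len 40 rule 11
23:50:19 drop eagle.foo.com >hme1 proto tcp src 203.137.129.4 dst 198.216.82.250 service 63752 s_port http len 40 rule 11
23:50:42 drop eagle.foo.com >hme1 proto tcp src 206.28.103.5 dst 138.241.79.238 service 4140 s_port http len 40 rule 11
23:51:02 drop eagle.foo.com >hme1 proto tcp src 192.0.2.10 dst 198.51.100.5 service telnet s_port 40022 len 60 rule 11
"""

LINE_RE = re.compile(r"^(?P<time>\S+)\s+(?P<action>\S+)\s+(?P<host>\S+)\s+>(?P<iface>\S+)\s+(?P<rest>.+)$")

def parse(line):
    """Split one log line into a dict; returns None if the layout differs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    tokens = rec.pop("rest").split()
    rec.update(zip(tokens[0::2], tokens[1::2]))  # "src 1.2.3.4" -> key/value
    return rec

def is_server_port(value):
    # Assumption: a resolved name ("http") or a number below 1024 is a service port.
    return not value.isdigit() or int(value) < 1024

def classify(rec):
    """Label a drop as 'late-reply' when the ports are reversed as in the answer."""
    sport, dport = rec.get("s_port"), rec.get("service")
    if rec.get("action") != "drop" or rec.get("proto") != "tcp" or not sport or not dport:
        return "other"
    # Reply direction: source is a service port, destination is a high client port.
    if is_server_port(sport) and not is_server_port(dport):
        return "late-reply"
    return "inbound-attempt"

def summarize(text):
    """Count labels over a block of log text, skipping unparseable lines."""
    recs = (parse(line) for line in text.splitlines() if line.strip())
    return dict(Counter(classify(r) for r in recs if r))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The label is a triage hint based on ports only; it does not prove that a matching connection ever existed, so review the "inbound-attempt" entries before turning off logging for out-of-state packets.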