deny TCP (no connection)

eddie.mitchell@... Fri, 02/13/2009 - 08:16

Is this firewall on your network perimeter? Are all of these messages being generated from the same source IP address? Same destination IP? Same source or destination port?

This is our perimeter which then interfaces another LAN. Another firewall is used at the internet perimeter. The addresses are not the same, although you see a cluster of denies (between 2 and 6 for each deny). We had an explicit deny any any log entry at the end of the outside rules. I just disabled this and noticed a significant drop in the logged traffic. I'm not sure this is just a band-aid to the real issue though.

