03-10-2010 02:51 AM - edited 03-11-2019 10:19 AM
Hi.........
On my firewall logs, I am getiing hits counts like tcp/0 and udp/0 from internet as well as my remote location.
but i am not understand that for which purpose the tcp/0 and udp/0 is used.
As per my knowledge 0 is well known port.
if anyone having idea on this pls suggest me.
Thanx.......
Solved! Go to Solution.
03-11-2010 11:51 AM
Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.
Who is sending the logs, the ASA?
What severity are these logs? Are they just informational or critical?
This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.
A configuration will help.
Federico.
03-10-2010 11:02 AM
Hi,
tcp/0 or udp/0 specifies all TCP/UDP traffic
For example, to enable authentication for TCP connections originated from the inside interface to the outside network:
aaa authentication include tcp/0 inside 192.168.1.0 255.255.255.0 209.165.201.0 255.255.255.224 tacacs+
Most likely you will get in the logs this information if you have enabled authentication through the ASA or Firewall.
Can you post the logs to see if there are critical or just informational logs and what exactly do they mean?
Federico.
03-10-2010 08:53 PM
Hi Federico,
Thax a lot for your reply......
In my organasation i am using Sonicwall firewall,Pls find the logs for more clarrificaion.I am getting this logs from most of the internet traffic.
But i am wondering about that my traffic size is zero.
And second thing is that also i am getting some other logs tcp/smtp and udp/389 about that i am bit confused.
Pls go through and help me out.
Thanx once again.....
03-11-2010 11:51 AM
Those logs could be part of an authentication like I mentioned, or could be traffic that is flowing through the ASA.
Who is sending the logs, the ASA?
What severity are these logs? Are they just informational or critical?
This could be normal traffic or not, in order to find out, we need to know if that traffic showing on the logs is supposed to go through the ASA in the first place.
A configuration will help.
Federico.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide