I am trying to install a content engine, CE560, and every time that I start to use it, the PIX syslog messages increase by about 500%. Most of the extra messages concern denied connections from outside addresses with a source port of 80 and all destined for the CE-560. Users are still able to surf the web, but we get a ton of these messages.
%PIX-6-106015: Deny TCP (no connection) from w.x.y.z/80 to a.b.c.d/18825 flags PSH ACK on interface outside
According to the docs, the description of the above syslog message is:
Explanation: This message is logged when the PIX Firewall discards a TCP packet that has no associated connection in the PIX Firewall unit's connection table. PIX Firewall looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the PIX Firewall discards the packet.
Action: None required unless the PIX Firewall receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.
The content engine's connections are being closed after the TCP session is done and removed from the connection table on the PIX, and the www server being visited is sending whatever flag is set in the syslog message. Most of these will probably have RST ACK or FIN ACK. The www server is acknowledging a RST request or FIN request, but the connection entry on the firewall has already been removed, so the firewall drops that packet and logs the above message.
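As an added example (not part of the original thread), the following script follows the "trace the packets to the source" advice: it parses 106015 lines and separates late replies from web servers to the content engine from any other denies that deserve a closer look. The cache address, the `summarize` helper and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Pattern for the message format quoted in the post above.
DENY_RE = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) from "
    r"(?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) "
    r"flags (?P<flags>[A-Z ]+?) on interface (?P<ifc>\S+)"
)

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = """\
%PIX-6-106015: Deny TCP (no connection) from 198.51.100.7/80 to 192.0.2.10/18825 flags PSH ACK on interface outside
%PIX-6-106015: Deny TCP (no connection) from 198.51.100.7/80 to 192.0.2.10/18825 flags FIN ACK on interface outside
%PIX-6-106015: Deny TCP (no connection) from 203.0.113.5/80 to 192.0.2.10/20111 flags RST ACK on interface outside
%PIX-6-106015: Deny TCP (no connection) from 203.0.113.9/4444 to 192.0.2.25/22 flags ACK on interface outside
some unrelated syslog line
"""

def parse(lines):
    """Yield one dict per 106015 message; other lines are skipped."""
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
            ev["flags"] = frozenset(ev["flags"].split())
            yield ev

def summarize(lines, cache_ip, web_ports=(80,)):
    """Split denies into late web replies to the cache vs. everything else."""
    late_by_flags = Counter()
    other = []
    for ev in parse(lines):
        late_reply = (ev["dst"] == cache_ip and ev["sport"] in web_ports
                      and "SYN" not in ev["flags"])
        if late_reply:
            late_by_flags[" ".join(sorted(ev["flags"]))] += 1
        else:
            other.append(ev)  # not explained by the content engine; review these
    return late_by_flags, other

if __name__ == "__main__":
    late, other = summarize(SAMPLE.splitlines(), cache_ip="192.0.2.10")
    print("late web replies to cache, by flags:", dict(late))
    for ev in other:
        print("review:", ev["src"], ev["sport"], "->", ev["dst"], ev["dport"])
```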