We have noticed that when the syslog server becomes unavailable that the pix generates large amounts of ICMP reverse path check errors. Can some one explain why this happens and if it can be prevented.
By disabling the syslog server, you are effectively DoSing the PIX.
PIX sends syslog message to Windows based syslogs server on UDP port 514.
Windows doesn't have a service listening on that port, so it sends back a port unreachable message. That ICMP message gets back to the PIX, where
"ip audit" is applied to the interface, causing the PIX to generate a syslog for the Unreachable message it got from the syslog server in response to the syslog that the PIX originaly sent it. Got it ;-0
The solution is to disable the logging of the ICMP unreachable message, or disable the audit command or removing the logging host command if the syslog server is unavailable.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...