most_ahdy
Contributor

NV7100 firewall cli log clarification request

Hi,

Recently I keep receiving the CLI log message below, which is related to the firewall. Kindly, I need a clarification about this:

012.11.03 15:42:29 FIREWALL id=firewall time="2012-11-03 15:42:29" fw=NV7100 pri=1 rule=6 proto=1027/udp src=A.B.C.1 dst=A.B.C.15 msg="Data connection not established from remote from SELF policy-class on interface Loopback" agent=AdFirewall

Please note that the network A.B.C.0 is my VoIP VLAN, and A.B.C.1 is the VoIP VLAN interface.

Thanks,

Mostafa Aly


Accepted Solutions
Anonymous
Not applicable

Re: NV7100 firewall cli log clarification request

The AOS firewall attack log messages are found in the guide in Appendix A starting on page 58.

This specific message is found on page 63:



Short Definition: No connection from remote



Description: Indicates that a passive association has timed out without being used. Passive associations are typically created by ALGs to anticipate the reception of returning traffic. If a malicious user is purposely using an application in such a way to open holes through the firewall for malicious purposes, this could be an attack. In some cases, this is a valid message to receive. For example, the SIP ALG will create a passive association anticipating Real-Time Transport Control Protocol (RTCP) traffic. If the user agent never sends RTCP, then this association will never become active, resulting in one occurrence of this threat.


Thanks,
Matt
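
Added example, not part of the original reply or of the vendor guide: a Python sketch that parses log lines in the format quoted in the question and counts passive-association timeouts per source/destination pair, so the single occurrence expected from an unused RTCP association can be told apart from a pair that keeps producing them. The sample lines, the 192.0.2.x addresses and the review threshold of 5 are constructed assumptions.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or a bare token
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
PASSIVE_TIMEOUT = "Data connection not established from remote"

def parse_line(line):
    """Return the key=value fields of one firewall log line as a dict."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD_RE.findall(line)}

def summarize(lines, threshold=5):
    """Count passive-association timeouts per (src, dst) pair.

    threshold is an assumed, site-specific cut-off: pairs at or above it
    are marked for review instead of being treated as the occasional
    unused RTCP association.
    """
    counts, protos = Counter(), {}
    for line in lines:
        f = parse_line(line)
        if f.get("id") != "firewall" or PASSIVE_TIMEOUT not in f.get("msg", ""):
            continue
        pair = (f.get("src"), f.get("dst"))
        counts[pair] += 1
        protos.setdefault(pair, set()).add(f.get("proto"))
    return {pair: {"count": n, "protos": sorted(protos[pair]),
                   "review": n >= threshold}
            for pair, n in counts.items()}

# Constructed sample lines modelled on the one in the question
# (documentation addresses, not real traffic).
TEMPLATE = ('2012.11.03 15:42:{sec:02d} FIREWALL id=firewall '
            'time="2012-11-03 15:42:{sec:02d}" fw=NV7100 pri=1 rule=6 '
            'proto={port}/udp src=192.0.2.1 dst={dst} msg="{msg}" agent=AdFirewall')
TIMEOUT_MSG = PASSIVE_TIMEOUT + " from SELF policy-class on interface Loopback"
SAMPLE = [TEMPLATE.format(sec=29, port=1027, dst="192.0.2.15", msg=TIMEOUT_MSG)]
SAMPLE += [TEMPLATE.format(sec=30 + i, port=1030 + i, dst="192.0.2.20", msg=TIMEOUT_MSG)
           for i in range(6)]
SAMPLE.append(TEMPLATE.format(sec=40, port=1040, dst="192.0.2.20",
                              msg="constructed unrelated message"))

if __name__ == "__main__":
    for pair, info in summarize(SAMPLE).items():
        print(pair, info)
```
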

Anonymous
Not applicable

Re: NV7100 firewall cli log clarification request

I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Matt

Re: NV7100 firewall cli log clarification request

Thank you very much for your guide.

Mostafa Aly