Troubleshooting guide

Appendix A: State Tables for VPN-1/FireWall-1 4.0 General tables
Advanced Technical Reference Guide 4.1 • June 2000 145
Hexadecimal value                         Description
0x90, 0x91, 0x92, 0x93, 0x94, 0x95        Xtreme connections
0xa1                                      VDOlive connection
0xa3, 0xa4, 0xa5                          RealAudio / RTSP connections
0xa8                                      RTP connection
0xaa                                      NetShow connection
0x00                                      Any other connection
Byte h holds the interface ID (the number of the interface in "fw ctl iflist") of the interface in the direction of the destination.
Byte g holds the interface ID (the number of the interface in "fw ctl iflist") of the interface in the direction of the source.
old_connections table
All connections that were in the connections table during the installation of the security policy are copied into the old_connections table. (The table could be used for various purposes, such as encryption or to reconstruct the key.)
Example
attributes: expires 3600, keep, sync, kbuf 2
<c0a83005, 0000042d, c7cb473e, 00000017, 00000006; 00004001; 1531/3620>
The old_connections table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; different flags (like in the r_ctype connection table); time left/total time>
conn_oneway table
The conn_oneway table is a special table that holds information about connections that are known to be one way only. Connections that are listed in this table are not allowed to operate both ways, but only in the known one direction.
Example
attributes: refresh, expires 3600
<c7cb471e, 00000014, c0a86e05, 00000549, 00000006; 00000001; 3/55>
The conn_oneway table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; rule number; time left/total time>
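The old_connections and conn_oneway entries above share the same key layout (hex IPv4 addresses, ports and protocol, separated by commas, then a semicolon-delimited third field and a "left/total" timer). The following decoder, added here as an example and not part of the original guide, turns such entries into readable values so that a table dump can be reviewed; the function and class names are the example's own, and the sample dump is built from the two entries shown above.

```python
import ipaddress
import re
from dataclasses import dataclass

# One entry such as "<c0a83005, 0000042d, c7cb473e, 00000017, 00000006; 00004001; 1531/3620>":
# key fields up to the first ';', then the third field, then "time left/total time".
ENTRY_RE = re.compile(r"<\s*([^;>]+);\s*([0-9a-fA-F]+)\s*;\s*(\d+)/(\d+)\s*>")

# IP protocol numbers that occur in these tables (IANA assignments).
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}

# Constructed sample dump, reusing the two example entries from this appendix.
SAMPLE_DUMP = """attributes: expires 3600, keep, sync, kbuf 2
<c0a83005, 0000042d, c7cb473e, 00000017, 00000006; 00004001; 1531/3620>
<c7cb471e, 00000014, c0a86e05, 00000549, 00000006; 00000001; 3/55>
"""


@dataclass
class Entry:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    flags_or_rule: int   # flags in old_connections, rule number in conn_oneway
    time_left: int
    time_total: int


def parse_entry(line: str) -> Entry:
    """Decode a single state table entry; raises ValueError on anything else."""
    m = ENTRY_RE.search(line)
    if not m:
        raise ValueError(f"not a state table entry: {line!r}")
    fields = [int(f.strip(), 16) for f in m.group(1).split(",")]
    if len(fields) != 5:
        raise ValueError(f"expected 5 key fields, got {len(fields)}")
    src_ip, src_port, dst_ip, dst_port, proto = fields
    return Entry(
        src_ip=str(ipaddress.IPv4Address(src_ip)),   # 32-bit hex -> dotted quad
        src_port=src_port,
        dst_ip=str(ipaddress.IPv4Address(dst_ip)),
        dst_port=dst_port,
        protocol=PROTOCOLS.get(proto, str(proto)),
        flags_or_rule=int(m.group(2), 16),
        time_left=int(m.group(3)),
        time_total=int(m.group(4)),
    )


def parse_table(dump: str) -> list[Entry]:
    """Decode every '<...>' entry in a dump, skipping the attributes line."""
    return [parse_entry(ln) for ln in dump.splitlines() if ln.lstrip().startswith("<")]
```

Running `parse_table(SAMPLE_DUMP)` shows the first entry as a telnet (port 23) connection from 192.168.48.5 with 1531 of 3620 seconds left, and the conn_oneway entry as ftp-data (source port 20) from 199.203.71.30 matched by rule 1.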
estab_table table
Sometimes "inverted" entries appear in the log file. In these entries, the source port is a well-known service, and the service (i.e. the destination port) is a random high port.
FireWall-1 times out idle connections after a while and removes them from the connection table. When a TCP connection is erased from the connection table but that connection later receives a delayed reply, the packet is logged by the firewall as dropped (or rejected) since it is unrecognized.