Troubleshooting guide
Appendix A: State Tables for VPN-1/FireWall-1 4.0 Logging tables
Advanced Technical Reference Guide 4.1 • June 2000 149
forbidden table is first checked to see if an alert has already been sent for that source. If the alert has not been
sent, the source IP address is recorded and the alert is sent.
Example
attributes: expires 300
<c7cb471e; 176/300>
The forbidden_tab table format is a list of IP addresses in hexadecimal format.
host_table table
This table holds the IP addresses of internal machines protected by the FireWall. The table only exists where the
FireWall license is for a limited number of machines behind the FireWall.
The maximum number of entries in this table is the allowed number of internal machines.
Example
Attributes: limit 250
<c0a81f01>
<c0a81f0c>
<c0a81f0e>
Logging tables
logged table
The logged table holds all the connections that are all ready logged in order to prevent the same connection
from being logged more than once.
Example
attributes: expires 62
<00000006, c0a83005, c7cb477d, 0000046e, 00000017, 00000002; 38/62>
The logged table uses the following format:
<IP protocol, source IP address, destination IP address, source port, destination port, rule number; time left/total
time>
tracked table
The tracked table keeps information for accounting.
Example
attributes: refresh, expires 10000, free function 4276413424 11<c0a83005,
00000431, c7cb477d, 00000017, 00000006; 3471650b, 000012ed, 000347c1,
00000001, 00000004, 00000003; 9998/10000>
<00000000, c0a81f01, 00000014, c073cd75, 00000513, 00000006; c073cd75,
00000512, c0a81f01, 00000015, 00000006; 9990/10000>
The tracked table uses the following format:
<source IP address, source port, destination IP address, destination port, IP protocol; time, # of packets, # of
bytes, rule number, counter, interface; time left/total time>