User guide
Appendix A – Disposition of Events
Multi-Tech Systems, Inc. RouteFinder RF850/860 User Guide (PN S000400E) 150
Access Requests through Firewall Violating Security Policy
An access request that traverses the firewall (is routed through it) but has to be dropped due to a security
restriction is logged as Through Firewall Dropped.
Access requests logged as Access Request through Firewall Violating Security Policy correspond to
LO1.C of Baseline module - version 4.0, ICSA Labs.
Figure 7 shows a snapshot of Through Firewall Dropped.
Access Request to Firewall Violating Security Policy
An access request to the firewall can be dropped due to security restrictions. Each of these access
requests is logged as To Firewall Dropped.
Access requests logged as Access Request to Firewall Violating Security Policy correspond to LO1.D of
Baseline module - version 4.0, ICSA Labs.
Figure 8 shows the To Firewall Dropped diagram.
Figure 9 shows a snapshot of To Firewall Dropped.
Administrative Authentication Log
All successful and failed attempts to log in to the VPN can be logged. The attempts are logged as
Administrative Authentication Log.
Administrative Authentication Log corresponds to LO1.E of Baseline module - version 4.0, ICSA Labs.
Figure 10 shows a snapshot of Administrative Authentication Log.
Admin Port Access Requests
All requests to the Administrative port (HTTPS/HTTP to the box using the WEB GUI) are logged as
Admin Port Traffic.
Access requests logged as Admin Port Access requests correspond to LO1.F of Baseline module -
version 4.0, ICSA Labs.
Figure 11 shows a snapshot of Admin Port Access log.
Startup History
The system startup timestamp is logged as Startup History. Startup History corresponds to LO1.G of
Baseline module - version 4.0, ICSA Labs.
Figure 12 shows a snapshot of Startup History.
User Defined Log
User defined logging is classified as User logs. Administrators can log packets by using Packet Filters
> Add User Defined Packet Filter Rules and selecting LOG as the action.
Note: User logging is allowed only on routed packets.
Figure 13 shows a snapshot of user defined log.
Fragmented Packets Log
Fragmented packets can be logged as Dropped Fragmented. Logging of Dropped Fragmented
Packets can be configured through Packet Filters > Advanced > Drop Fragmented Packets. Logging
is allowed only if fragments are dropped.
Figure 14 shows a snapshot of Fragmented Packets log.
ICMP Information
Information about ICMP requests is available in the remarks. Type and Code information is displayed
after the event type.
ICMP information meets requirement LO2.G of Baseline module - version 4.0, ICSA Labs.
Figure 15 shows a snapshot with ICMP information.
Description of Syslog Messages
The syslog message description is given below:
1. kernel: mtrfThFWia – Denotes inbound traffic being forwarded by the firewall.
2. kernel: mtrfToFWa – Denotes inbound traffic, which is destined to the firewall and is accepted.
3. kernel: mtrfThFWoa – Denotes outbound traffic sent by the firewall.
4. kernel: mtrfUSR – Denotes the packets that are forwarded by the firewall by user defined packet
filter rules.
5. kernel: mtrfThFWd – Denotes the packets that are not forwarded by the firewall due to security
policy violation. These packets are dropped.
6. kernel: mtrfThFWdR – Denotes the packets that are not forwarded by the firewall due to security
policy violation. These packets are rejected.
7. kernel: mtrfToFWd – Denotes the packets that are not accepted by the firewall due to security
policy violation. These packets are dropped.
8. kernel: mtrfAR – Denotes the accepted HTTP and HTTPS WEB configuration traffic to the firewall.
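The tags listed above can be used to triage exported syslog. The following is an added example, not part of the RouteFinder guide or Multi-Tech's code: it maps each tag to its disposition and counts dropped or rejected packets per source address. The sample lines are constructed, and the host name, the SRC= field name and the layout after the tag are assumptions.

```python
import re
from collections import Counter

# Tag -> (path, disposition), taken from the syslog message list above.
TAGS = {
    "mtrfThFWia": ("through firewall, inbound", "forwarded"),
    "mtrfToFWa":  ("to firewall, inbound", "accepted"),
    "mtrfThFWoa": ("outbound", "sent"),
    "mtrfUSR":    ("user defined rule", "forwarded"),
    "mtrfThFWd":  ("through firewall", "dropped"),
    "mtrfThFWdR": ("through firewall", "rejected"),
    "mtrfToFWd":  ("to firewall", "dropped"),
    "mtrfAR":     ("admin port (HTTP/HTTPS)", "accepted"),
}

# Capture the whole tag token: mtrfThFWd is a prefix of mtrfThFWdR, so a
# substring test would count rejected packets as dropped.
TAG_RE = re.compile(r"kernel:\s+(mtrf[A-Za-z]+)\b")
SRC_RE = re.compile(r"\bSRC=(\S+)")  # assumed field name, not from the guide

def classify(line):
    """Return (tag, path, disposition, src), or None for other syslog lines."""
    m = TAG_RE.search(line)
    if not m:
        return None
    path, disposition = TAGS.get(m.group(1), ("unknown", "unknown"))
    src = SRC_RE.search(line)
    return (m.group(1), path, disposition, src.group(1) if src else None)

def denied_by_source(lines):
    """Count dropped or rejected packets per source address."""
    counts = Counter()
    for line in lines:
        hit = classify(line)
        if hit and hit[2] in ("dropped", "rejected"):
            counts[hit[3] or "unknown"] += 1
    return counts

# Constructed sample lines; everything after the tag is an assumed layout.
SAMPLE = [
    "Jan  5 10:00:01 rf850 kernel: mtrfThFWd IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=23",
    "Jan  5 10:00:02 rf850 kernel: mtrfThFWdR IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=113",
    "Jan  5 10:00:03 rf850 kernel: mtrfToFWd IN=eth1 SRC=198.51.100.9 DST=192.0.2.1 DPT=161",
    "Jan  5 10:00:04 rf850 kernel: mtrfAR IN=eth0 SRC=192.0.2.50 DST=192.0.2.1 DPT=443",
    "Jan  5 10:00:05 rf850 kernel: mtrfThFWia IN=eth1 OUT=eth0 SRC=203.0.113.7 DST=192.0.2.10 DPT=80",
    "Jan  5 10:00:06 rf850 sshd[99]: unrelated message",
]
if __name__ == "__main__":
    print(denied_by_source(SAMPLE))
```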