Hi,
Recently I have been constantly receiving the CLI log below, which is related to the firewall. Kindly, I need clarification about this:
012.11.03 15:42:29 FIREWALL id=firewall time="2012-11-03 15:42:29" fw=NV7100 pri=1 rule=6 proto=1027/udp src=A.B.C.1 dst=A.B.C.15 msg="Data connection not established from remote from SELF policy-class on interface Loopback" agent=AdFirewall
Please note that the network A.B.C.0 is my VoIP VLAN, and A.B.C.1 is the VoIP VLAN interface.
Thanks,
Mostafa Aly
The AOS firewall attack log messages are found in the guide in Appendix A starting on page 58.
This specific message is found on page 63:
Short Definition: No connection from remote
Description: Indicates that a passive association has timed out without being used. Passive associations are typically created by ALGs to anticipate the reception of returning traffic. If a malicious user is purposely using an application in such a way to open holes through the firewall for malicious purposes, this could be an attack. In some cases, this is a valid message to receive. For example, the SIP ALG will create a passive association anticipating Real-Time Transport Control Protocol (RTCP) traffic. If the user agent never sends RTCP, then this association will never become active, resulting in one occurrence of this threat.
Thanks,
Matt
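One way to triage repeated occurrences of this message, as an added example that is not part of the original thread or the AOS guide: it parses log lines in the format quoted above and separates unused passive-association timeouts between addresses inside the VoIP VLAN (consistent with the SIP ALG explanation) from those involving any other address. The subnet 192.0.2.0/24, the sample lines and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Log fields are key=value; values are bare tokens or "quoted strings".
KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')
PASSIVE_TIMEOUT = "Data connection not established"
VOIP_VLAN = ipaddress.ip_network("192.0.2.0/24")  # assumed stand-in for A.B.C.0

# Constructed sample lines in the format of the log quoted in the thread.
_FMT = ('2012.11.03 15:4{0}:29 FIREWALL id=firewall time="2012-11-03 15:4{0}:29" '
        'fw=NV7100 pri=1 rule=6 proto=1027/udp src={1} dst={2} msg="{3}" agent=AdFirewall')
_MSG = PASSIVE_TIMEOUT + " from remote from SELF policy-class on interface Loopback"
SAMPLE_LOG = [
    _FMT.format(2, "192.0.2.1", "192.0.2.15", _MSG),
    _FMT.format(3, "192.0.2.1", "192.0.2.15", _MSG),
    _FMT.format(4, "192.0.2.1", "192.0.2.20", _MSG),
    _FMT.format(5, "198.51.100.7", "192.0.2.15", _MSG),  # source outside the VLAN
    _FMT.format(6, "192.0.2.1", "192.0.2.15", "constructed unrelated message"),
]

def parse_line(line):
    """Return the key=value fields of one firewall log line as a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in KV.finditer(line)}

def in_voip_vlan(addr):
    try:
        return ipaddress.ip_address(addr) in VOIP_VLAN
    except ValueError:  # missing or malformed address
        return False

def triage(lines):
    """Count passive-association timeouts per (src, dst), split by VLAN membership."""
    expected, review = Counter(), Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("id") != "firewall" or not f.get("msg", "").startswith(PASSIVE_TIMEOUT):
            continue
        pair = (f.get("src", ""), f.get("dst", ""))
        bucket = expected if all(in_voip_vlan(a) for a in pair) else review
        bucket[pair] += 1
    return expected, review

if __name__ == "__main__":
    expected, review = triage(SAMPLE_LOG)
    print("inside VoIP VLAN:", dict(expected))
    print("review:", dict(review))
```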
I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.
Thanks,
Matt
Thank you very much for your guide.
Mostafa Aly