4. Firewall Logging Fragments

Firewall Logging Fragments

  • N

    OK… I did a bit of searching for this and found a doc, but would like to be clear.

    In my firewall log I see entries like this:

    IF: LAN
    Source: Internal IP
    Destination: External IP and either port 443 or 80
    Proto: TCP

    The log message is:
    @3 scrub on ovpns2 all fragment reassemble
    @3 block drop in log inet all label "Default deny rule IPv4"

    ovpns2 is my OpenVPN server listening on TCP port 443
    WebGUI is on port 80 (internal only)

    The LAN interface has the default any any rule.

    The question is.... If states were being dropped shouldn't I see this originating on the WAN interface? The LAN interface should just be passing it...no? Also, why is my ovpns2 network port being listed here? Especially for traffic destined for port 80 - that really confuses me.

    I would really appreciate it if someone could explain this to me - and recommend the best way to remove it from my logs.

    Thank you for any help!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy