steveredman
IS-IT--Management
I've got an inspection rule set up on a 1801 router primarily to allow traffic back in from the internet for sessions initiated inside the firewall. This seems to be working fine but in the logs I'm getting entries like:-
%FW-6-DROP_PKT: Dropping tcp pkt x.x.159.39:25 => x.x.0.5:2362
(In this case where x.x.0.5 is our mailserver) Here obviously our mail server has initiated a session with another server on the internet and the inspection rule has dropped a response. Is there a way to find out exactly why packets have been dropped? It isn't only port 25 traffic that is affected, port 80 and 443 packets get occasionally dropped as well with very similar log entries (ie: no real info!)
Thanks,
Steve
%FW-6-DROP_PKT: Dropping tcp pkt x.x.159.39:25 => x.x.0.5:2362
(In this case where x.x.0.5 is our mailserver) Here obviously our mail server has initiated a session with another server on the internet and the inspection rule has dropped a response. Is there a way to find out exactly why packets have been dropped? It isn't only port 25 traffic that is affected, port 80 and 443 packets get occasionally dropped as well with very similar log entries (ie: no real info!)
Thanks,
Steve