Dropped TCP Connections

Printable View

Show 40 post(s) from this thread on one page

May 4th, 2004, 04:59 PM
AngelicKnight

Dropped TCP Connections

We have a SonicWall set up monitoring our T1 line, but lately we're having somet rouble with connections being dropped. The log appears as such (first ip address listed is the source, the second the destination):

05/04/2004 10:57:37.320 TCP connection dropped 64.252.69.111, 3365, WAN 192.168.1.86, 2745, LAN Type: 274 Rule: 12
05/04/2004 10:52:32.448 TCP connection dropped 64.231.248.141, 3068, WAN 64.66.82.50, 2745, WAN Type: 274 Rule: 0
05/04/2004 10:44:21.064 TCP connection dropped 64.40.54.237, 4501, WAN 64.66.82.50, 2745, WAN Type: 274 0
05/04/2004 10:30:50.384 TCP connection dropped 68.123.234.162, 4783, WAN 64.66.82.50, 3127, WAN Type: 312 Rule: 0
05/04/2004 10:13:24.048 TCP connection dropped 64.171.84.56, 3014, WAN 192.168.1.98, 2745, LAN Type: 274 12
05/04/2004 09:06:28.640 TCP connection dropped 204.162.66.215, 3080, WAN 64.66.82.50, 1433, WAN Type: 143 Rule: 0

Does anyone know how to resolve this, or at least where to start?
May 4th, 2004, 05:47 PM
cacosapo

inst just ur firewall acting like it would be? it appears to a "firewall log action to me". Am i incorrect?
May 5th, 2004, 10:28 AM
SirDice

Can you show us rule 0? Or is this an implied rule just like Checkpoint?
May 5th, 2004, 10:28 AM
SirDice

Can you show us rule 0? Or is this an implied rule just like Checkpoint?
May 5th, 2004, 10:50 AM
Tiger Shark

There's a rule 12 in there too.....

What are those rule definitions?
May 5th, 2004, 10:50 AM
Tiger Shark

There's a rule 12 in there too.....

What are those rule definitions?
May 5th, 2004, 02:09 PM
Infiltrator

Is that all for dropped connections? If there are many more and they come from random external IP addresses, perhaps it is your outside interface (the one that connects to your T-1). I have not used Sonic much, I use Cisco gear and I know in my gear I can see the reliability of an interface in the form of x/x (255/255 would mean the interface has 100% reliability) Perhaps your outside interface is having some problems and a call to your providor would help.
May 5th, 2004, 02:09 PM
Infiltrator

Is that all for dropped connections? If there are many more and they come from random external IP addresses, perhaps it is your outside interface (the one that connects to your T-1). I have not used Sonic much, I use Cisco gear and I know in my gear I can see the reliability of an interface in the form of x/x (255/255 would mean the interface has 100% reliability) Perhaps your outside interface is having some problems and a call to your providor would help.
May 5th, 2004, 07:30 PM
AngelicKnight

There are many dropped connections a day evidently, all within the same range. I checked the log reference guide on what the rules were, but it doesn't offer much. The only rule categories listed were in reference to blocked Webs/FTPs/Gophers/Newsgroups, so I don't know if there's any relation to TCP droppings. That said, category 12 is Alcohol & Tobacco. It says nothing about a rule or category 0.
May 5th, 2004, 07:30 PM
AngelicKnight

There are many dropped connections a day evidently, all within the same range. I checked the log reference guide on what the rules were, but it doesn't offer much. The only rule categories listed were in reference to blocked Webs/FTPs/Gophers/Newsgroups, so I don't know if there's any relation to TCP droppings. That said, category 12 is Alcohol & Tobacco. It says nothing about a rule or category 0.

Show 40 post(s) from this thread on one page