my firewall started to fill the log with "60003"-entries..
2013:06:11-18:36:26 UTM-Frank ulogd[5091]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" mark="0x108d" app="141" srcmac="0:c:f6[:D]:e5:72" srcip="89.202.157.201" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="49159" tcpflags="ACK PSH FIN"
2013:06:11-18:36:26 UTM-Frank ulogd[5091]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" mark="0x108d" app="141" srcmac="0:c:f6[:D]:e5:72" srcip="89.202.157.201" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="49160" tcpflags="ACK PSH FIN"
2013:06:11-18:36:28 UTM-Frank ulogd[5091]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" mark="0x10d3" app="211" srcmac="0:c:f6[:D]:e5:72" srcip="199.7.55.72" dstip="192.168.1.2" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="49166" tcpflags="ACK PSH FIN"
in an attempt to fix, I reinstalled using the latest version(cleaning all the logs, hard drive, configurations done, and all the definitions), with no function active, except the firewall and "network visibility"(no rules in the application firewall though). oh, IPS is also activated.
but it keeps going on.. it's not a real big deal, if it wouldn't stop my anti-virus stop updating.
i found some old post suggesting the following things:
- set all network definitions to interface ">"
Done that, checked also the default definitions.
- recreate all NAT/SNAT/DNAT rules
there's just the default masquerading rule.
update:
it start when I turn on the web filtering(I only checked "scan with anti-virus" or something in the initial configuration wizard, could it be the Anti-Virus blocking my connection?)
out of that log, I only get this:
2013:06:11-18:58:24 UTM-Frank httpproxy[15910]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="91.228.166.13" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xc566090" url="91.228.166.13/.../update.ver" exceptions="" error="" category="9998" reputation="neutral" categoryname="Uncategorized"
2013:06:11-18:59:13 UTM-Frank httpproxy[15910]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="91.228.166.14" user="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0xc566690" url="um02.eset.com/.../Hardware"
2013:06:11-18:59:14 UTM-Frank httpproxy[15910]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.1.2" dstip="91.228.166.15" user="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Proxy)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6848" request="0xc566c90" url="91.228.166.15/.../octet-stream" application="eset"
This thread was automatically locked due to age.
