I'm new to firewalling anything beyond the basics, and I have our Watchguard up and running and have moved one of our web sites behind it, so we're starting to see some traffic through it. I'm a tiny bit concerned that people with legitimate connections might be getting blocked because of some of the rules in the firewall.
For example, this first IP (24.38.17.25) seems to be a Comcast user trying to bring up a web site. Can someone give a brief insight into the reasons the firewall is blocking these connections?
"TCP RST packet without an associated connection" "TCP SYN checking: connection not established yet [-A---F];"
2007-11-19 21:02:56 Deny 24.38.17.25 xxx.xxx.xxx.xxx http/tcp 52480 80 0-External unknown TCP RST packet without an associated connection, firewall drop 40 241 (internal policy) tcpinfo="offset 5 R 1327508525 win 0"
2007-11-19 21:03:17 Deny 24.38.17.25 xxx.xxx.xxx.xxx http/tcp 52488 80 0-External 1-Trusted TCP SYN checking: connection not established yet [-A---F], firewall drop 52 49 (internal policy) tcpinfo="offset 8 FA 942952889 win 65535"
I'm also seeing some of these "Unhandled External Packet-00" connections being denied.
2007-11-19 21:14:04 Deny 67.15.135.144 xxx.xxx.xxx.xxx 54122/tcp 80 54122 0-External 1-Trusted denied 44 48 (Unhandled External Packet-00) tcpinfo="offset 6 SA 363997396 win 5840"
Thank you,