I am currently working on a enterasys xsr-3150 device with a firewall module installed. i am seeing the following massage...which I believe is causing serious reliabilty issues from a client point of view.
just would like to know if anyone have seen the following deny massage before ...and genrally what does it mean?.3, 184, FW_Address, 11/22/2006, 8:02:14 AM, Nov 22 08:03:40 SAC_XSR7 FW: Nov 22 08:03:40 2006 Deny: TCP ACK packet, session not open Source_Address(110)->Desitination Address(4626)
First thought was someone from the internet was trying to packet sniif the addresses etc...but we are getting thousands of these from trusted clients that have been set up with firwall rules etc so current thinking is linked to a bug on the enterasys 3150 firewall device. finally the funny thing is that the firewall denys packets from a source with the above massage then allows it in after a period of time ?
thanks for any help offered !