My Firebox units have a LOT more in the logs and the log viewer has a header that explains the columns.
My columns are as follows: Date, Time, Disp (deny/allow), Direction (in/out), I/F (interface: ETH0:1, ETH0:2, ETH0, ETH1....), Protocol (UDP, ICMP, TCP), Source IP, Dest IP, Source Port, Dest Port, Details (rule that caused the action).
137 is from typical Windows crap, we always block ports 135 through 139 and 445 between interfaces.
The spoofed could be a couple things:
1) Is your internal network on 192.168.0.0/24? If not, then you've got a rogue NODE someplace in your network.
2) You didn't set up the blocked NAT Config to allow 192.168.0.0/24; the default is to not approve 192.168.0.0/16, I think.
....
As for the 78, 20, 128, I don't know what they represent. When I check my logs I don't see things like that anywhere.
Consider posting to the WG WSF groups and asking them.