I'm new to firewalling anything beyond the basics, and I have our WatchGuard up and running and have moved one of our web sites behind it, so we're starting to see some traffic through it. I'm a tiny bit concerned that people with legitimate connections might be getting blocked because of some of the rules in the firewall.
For example, this first IP (184.108.40.206) seems to be a Comcast user trying to bring up a web site. Can someone give a brief insight into the reasons the firewall is blocking these connections?
"TCP RST packet without an associated connection"
"TCP SYN checking: connection not established yet [-A---F];"

2007-11-19 21:02:56 Deny 220.127.116.11 xxx.xxx.xxx.xxx http/tcp 52480 80 0-External unknown TCP RST packet without an associated connection, firewall drop 40 241 (internal policy) tcpinfo="offset 5 R 1327508525 win 0"
2007-11-19 21:03:17 Deny 18.104.22.168 xxx.xxx.xxx.xxx http/tcp 52488 800-External 1-Trusted TCP SYN checking: connection not established yet [-A---F], firewall drop 52 49 (internal policy) tcpinfo="offset 8 FA 942952889 win 65535"
I'm also seeing some of these "Unhandled External Packet-00" connections being denied.

2007-11-19 21:14:04 Deny 22.214.171.124 xxx.xxx.xxx.xxx 54122/tcp 80 54122 0-External 1-Trusted denied 44 48 (Unhandled External Packet-00) tcpinfo="offset 6 SA 363997396 win 5840"