Firewall Messages

Vendor Documentation

Classification

| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| Firewall Messages | Base Rule | General Firewall Log | Network Traffic |
| 1004 : FW_Related-Connection | Sub Rule | Traffic Allowed by Host Firewall | Network Allow |
| 70022 : Connection_Closed-Abnormally | Sub Rule | Connection Terminated | Network Traffic |
| 70026 : Connection_Progress | Sub Rule | Connection Starting | Network Traffic |
| 70019 : Connection_Discarded | Sub Rule | Connection Closed | Network Traffic |
| 70018 : Connection_Allowed | Sub Rule | Traffic Allowed by Host Firewall | Network Allow |
| 71257 : TCP_Segment-SYN-No-Options | Sub Rule | TCP SYN Received | Network Traffic |
| 70021 : Connection_Closed | Sub Rule | Connection Closed | Network Traffic |

Mapping with LogRhythm Schema

| Device Key in Log Message | LogRhythm Schema | Data Type |
|---|---|---|
| Version | <version> | Number |
| vmid | <vmid> | Number |
| objectname | <objectname> | Text/String |
| severity | <severity> | Text/String/Number |
| spt | <sport> | Number |
| dst | <dip> | IP Address |
| request | <object> | Text/String |
| app | <session> | Text/String/Number |
| act | <command> | Text/String |
| msg | <object> | Text/String |
| deviceoutboundinterface | <sinterface> | Text/String/Number |
| deviceinboundinterface | <dinterface> | Text/String/Number |
| proto | <protnum> | Number |
| dpt | <dport> | Number |
| in | <bytesin> | Number |
| out | <bytesout> | Number |
| src | <sip> | IP Address |