evlad
Participant

Action:Accept Reason:Connection terminated

Hello everybody,

The question is very simple and it was asked many times and answered many times, but no answer was really satisfying.
My question can be seen entirely in the picture: I have a simple explicit access rule (not an application rule) that allows access to a certain node by a very simple and common protocol. And I see records in the LOG saying Action: "Accept" and, below, the Reason: "Connection terminated before detection: insufficient data passed"

Accept terminated.png

What can I conclude (if I do not see any other records from this source):
- was the session finally accepted or terminated?
- if it was finally accepted and continued, I do not want to see "Connection terminated"
- if it was finally terminated, I do not want to see "Accept" here. What difference does it make to me that the action was not "Deny" or "Drop" but "Terminated" if the result is the same?
- If it was finally terminated - it was terminated by who?? By the Checkpoint Gw, by the Source or by the Destination? It's critical to understand!

If the connection was terminated before detection by the source or destination node - please write this in the reason field.
If the connection was terminated by the Gw - please, you should understand that "Insufficient data passed" is just not a reasonable cause to terminate a session that is explicitly defined as allowed

 


Accepted Solutions
_Val_
Admin

The connection was terminated by either the client or the server participating in it. The FW action is Accept. The message refers to the fact that the data passing through the connection was not sufficient to determine the actual application.

evlad
Participant

Thank you so much! If it is so, your answer makes the issue very clear.
I just want to mention that it could be a brilliant improvement from CheckPoint to add to the reason:
"Connection terminated by source/destination/... before detection"
