Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
kitetsu89
Explorer

Rejects with Drop rules

Hi there,

I have a question about the following (R80.20)

I see in the logs that some traffic is "action: Reject", but if I look in the Access Policy I see that the action is "action: Drop". 

I noticed this with certain inspections settings as well, for instance: HTTP incompliant packets states action: Drop, but in the logs I see "Reject".

 

Help is much appreciated! Thanks

 

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

The functional difference between a drop and a reject is that the gateway sends a RST or ICMP Unreachable message in response.
Which, for inspection settings, or anything IPS, makes sense, since you’re interrupting an in-progress connection.

the_rock
Authority
Authority

I agree 100% with answer phone boy gave. It makes total sense that anything ips related or to do with inspection would show reject, as you would get some sort of unreachable message.

0 Kudos