Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arturxr
Explorer

"Connection terminated before detection" in log reason for Unified Rulebase

we see in the accept logs the message Connection terminated before detection and at the same time it is visible in the reject logs to the same source, destination, port. However, we tried to telnet to the resource and port, which is supposedly dropped and we get access. It turns out that access is open and the connection is not reset, but we need to close it. What can we do about it?

0 Kudos
3 Replies
_Val_
Admin
Admin

Please refer to sk113479 for the answer. Let me know if you need any further assistance.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Read and understand sk113479 then reorder / restructure your rules accordingly to match and drop the traffic if that is your objective.

CCSM R77/R80/ELITE
0 Kudos
PhoneBoy
Admin
Admin

What precise rule is allowing the traffic in question?
If it is not a simple TCP service, some packets must pass to properly classify the traffic before a final determination is made.
See also: https://phoneboy.org/2016/12/14/which-comes-first-the-ports-or-the-application-id/

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events