- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
I was studying logs for a VOIP connection and i came across a few logs where Action is Blank in the log table ..also noticed the direction arrow on the interface is reversed and rule no is also missing for these.
attaching a screenshot below..would like to understand what are these for and do they suggest an issue ?
When you open up the log card on those logs, what does it say?
there is no message like allowed or denied..it just states source ,destination and traffic from src to dst over 5061..
i was wondering if it somehow signifies return traffic looking at the direction on the bond interface..for all these absent action entries the direction is reversed on the bond interface
I'm assuming this is related to an existing SIP session and you're logging individual connections versus consolidating into sessions.
In which case the "Accept" rule is implied since it's being permitted via the state table and not an explicit rule.
Hey PB, I have recently noticed these types of log entries as well and was also curious why I don't understand. I *thought* I understood that a packet arriving at the gateway for an established connection already in the state table was not logged. But if the packet is a SYN request for a new connection it would be logged? And if there were already an entry in the state table for this connection that would indicate improver tear down on the prior connection? Is something strange going on here like a packet without a proper sequence number? But wouldn't that be dropped? A SYN packet that somehow randomly matches the sequence number of another connection in the state table?
I attached what I think you were asking for RE "Log Card" on an example.
Also I have to admit I'm not sure I have any experience with "logging individual connections versus consolidating into sessions", can you provide me a SK number or something?
Thanks for all of your good work --
Can you please expose the timestamps in your first screenshot showing multiple logs? It looks like the two "blank" connections are associated with the "Accept" that follows but matching on different service objects. Almost like it has something to do with "Match for Any" or even Smart Connection reuse. Also on the rule that is creating the log entry with the "Accept", please right click and click More in that rule's Track column to expose the hidden Log Generation options that are set. Looks like you only have "per Connection" set but I want to make sure. I'll be talking about these hidden Log Generation options in my upcoming speech at CPX.
I seen these types of logs many times even with TAC on the phone when troubleshooting, but would be nice to know what they actually mean. I cant really follow any logic as far as times/occasion when they show up. Seen them for https inspection, voip, vpn...
Was there any news or explanation to this? Also having same in my logs without any matching Rule nor any accept log entries before these "connection" log entries. Wondering where these are coming from and how they can occur without having SYN packets received at all (no SYN packets for session establishing in last 7 days at all). Noticing this for tcp/631 ports instead of SIP.
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 13 | |
| 12 | |
| 9 | |
| 7 | |
| 7 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealThu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASETue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeThu 02 Jul 2026 @ 06:00 PM (CST)
Revolucionando la Seguridad con IA Generativa: Prevención Inteligente en Tiempo RealAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY