Latest reply on Nov 22, 2013 7:33 AM by mtuma

      I am fresh man to the McAfee Firewall. I saw some logs from the firewall. I dont understand that.


      "IP Filter Session Close" --- What does it mean?


      "Proxy Traffic End" --- What does it mean?

        Re: Event Info Question



          IP Filter Session Close simply means that a session that was allowed through the firewall using a Packet Filter (IP Filter) was closed either by timing out, or some device sending a fin or reset.


          Proxy Traffic End is the same thing but involves traffic through the proxy.



          Re: Event Info Question

            Accordingly, my system shows Proxy Traffic End. Does it mean that the session has been blocked.

            Re: Event Info Question

              I would expect a session being blocked by the firewall to result in an "ACL Deny" (if the traffic has hit a rule which explicitly denies access) or maybe something like a "Protocol Violation".


              Based on what Matt is saying these "IP Session Close" or "Proxy Traffic End" records are the firewall reacting to a status change on the part of the original client or server - either one party is timing out or it is issuing a 'fin' or 'reset' packet.



              Re: Event Info Question

                Yes Phil is correct. Proxy Traffic end means the connection was allowed, then closed out for some reason (timing out or fin or reset).