1 Reply Latest reply on Dec 2, 2014 3:19 AM by smasnizk

    difference between session end and session drop in MFE 8.3.2

    yerkogofes

      Hi team,

       

       

           I need information about the following logs:

       

       

      2014-11-23 11:11:23 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

      hostname: sinacofi1.rbi.cl event: session drop application: FTP

      netsessid: 559155471eb0b src_geo: CL srcip: 168.231.1.15 srcport: 25458

      srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7 dstport: 21

      dstzone: external rule_name: ftp-lab-interside cache_hit: 0

      start_time: 2014-11-23 11:11:23 -0300

       

       

      2014-11-23 11:26:02 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major

      hostname: sinacofi1.rbi.cl event: session end application: FTP

      netsessid: c7c8f5471ee79 src_geo: CL srcip: 168.231.1.15 srcport: 37175

      srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7

      dstport: 52822 dstzone: external bytes_written_to_client: 7102

      bytes_written_to_server: 0 rule_name: ftp-lab-interside cache_hit: 0

      start_time: 2014-11-23 11:26:01 -0300

       

       

      What is the difference between event: session end application: FTP and event: session drop application: FTP?

      What happens with these connections?

       

       

           If it is necessary to open a new Service Request, please let me know and help me with these questions, because we have an issue with FTP transfers in the network and these connections pass through the firewall (MFE).

        • 1. Re: difference between session end and session drop in MFE 8.3.2
          smasnizk

          Hi Yerko,

           

          The main difference is that "event: session end" basically identifies a successful connection where the data has arrived and been confirmed with an ACK by the client/destination. The "event: session drop" is related to a connection that is dropped by reaching the timeout threshold or when the firewall receives an RST packet to drop the connection. It is suggested to check tcpdumps on incoming and outgoing interfaces for a connection that can be reproduced as a failed/dropped connection.

           

          Regards,

          Sergej
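
To follow up on the suggestion in the reply above, the script below (an added example, not part of the original thread and not vendor code) parses audit records in the format quoted in the question, counts "session end" and "session drop" events per rule, and builds a tcpdump capture filter for each dropped session. The field layout is assumed from the two records in the question; `parse_records` and `summarize` are hypothetical names.

```python
import re
from collections import Counter

# Sample input: the two audit records quoted in the question above.
SAMPLE = """\
2014-11-23 11:11:23 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: sinacofi1.rbi.cl event: session drop application: FTP
netsessid: 559155471eb0b src_geo: CL srcip: 168.231.1.15 srcport: 25458
srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7 dstport: 21
dstzone: external rule_name: ftp-lab-interside cache_hit: 0
start_time: 2014-11-23 11:11:23 -0300

2014-11-23 11:26:02 -0300 f_kernel_ipfilter a_general_area t_nettraffic p_major
hostname: sinacofi1.rbi.cl event: session end application: FTP
netsessid: c7c8f5471ee79 src_geo: CL srcip: 168.231.1.15 srcport: 37175
srczone: internal protocol: 6 dst_geo: CL dstip: 163.250.1.7
dstport: 52822 dstzone: external bytes_written_to_client: 7102
bytes_written_to_server: 0 rule_name: ftp-lab-interside cache_hit: 0
start_time: 2014-11-23 11:26:01 -0300
"""

STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4} ", re.M)
# A value runs until the next "key: " or the end of the record, so values
# containing spaces ("session drop", start_time) stay intact.
PAIR = re.compile(r"(\w+): (.*?)(?=\s+\w+: |\s*$)", re.S)


def parse_records(text):
    """Split audit text at timestamp headers and return one dict per record."""
    starts = [m.start() for m in STAMP.finditer(text)] + [len(text)]
    records = []
    for begin, end in zip(starts, starts[1:]):
        header, _, body = text[begin:end].partition("\n")
        rec = {"logged_at": header[:25]}  # "YYYY-MM-DD HH:MM:SS +ZZZZ"
        rec.update((k, " ".join(v.split())) for k, v in PAIR.findall(body))
        records.append(rec)
    return records


def summarize(records):
    """Count events per (rule, event) and build a tcpdump filter per drop."""
    counts = Counter((r["rule_name"], r["event"]) for r in records)
    filters = [f"host {r['srcip']} and host {r['dstip']} and tcp port {r['dstport']}"
               for r in records if r["event"] == "session drop"]
    return counts, filters


if __name__ == "__main__":
    print(summarize(parse_records(SAMPLE)))
```

Each returned filter string can be passed to tcpdump on the incoming and on the outgoing interface while the failed transfer is reproduced; the interface names depend on the firewall's configuration.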