09-10-2019 09:49 PM - edited 02-21-2020 09:29 AM
Hi All,
I noticed a TCP teardown on my firewall which came from an anonymous outside IP, and it also deleted a few logs.
The source was an outside IP and the destination was a client machine.
I could not find anything on the machine.
Could anyone help me understand this and how to fix it?
I am worried.
09-11-2019 08:01 AM
If your client was in the inside domain (nameif inside), in that case the ASA acts as a stateful firewall, which means outside connections coming to the inside will be blocked and logged in syslog, unless you have defined an access-list on the outside interface to let the outside traffic come in.
The same applies to the DMZ (nameif dmz).
I think the log you see is someone from outside trying to access the inside, but the firewall blocked the connection; as said earlier, it acts as a stateful firewall.
09-11-2019 09:59 PM
Hi Sheraz,
Thanks a lot for clarifying this; I am relieved now.
But I noticed that this event had deleted a few logs on the firewall.
Any idea on this?
09-12-2019 12:45 AM
By default the ASA does not keep the logs unless you offload them to a syslog server. If you need to do so, follow this link
09-12-2019 01:13 AM
Thank you