Author Topic: Decoding Firewall Logs  (Read 800 times)

mragd0168

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
    • View Profile
Decoding Firewall Logs
« on: August 17, 2016, 11:46:00 am »
Hi good morning to all

I am new to Junos and trying to resolve a connectivity issue.  Here is the log on my firewall SRX3600. 
Does this mean traffic is hitting my firewall but the destination host is not responding or something else?  Anyone has experienced this log on their SRX?

reason="TCP SERVER RST

Appreciate any insight on this matter. 

here is the log that I've captured:

Aug 17 12:45:46 PHFW2 1 2016-08-17T11:46:00.333Z PHFW2-node0 RT_FLOW - RT_FLOW_SESSION_CREATE_LS [junos@2636.1.1.1.2.34 logical-system-name="FW01" source-address="192.168.1.1" source-port="19642" destination-address="10.20.20.20" destination-port="1972" service-name="None" nat-source-address="192.168.1.1" nat-source-port="19642" nat-destination-address="10.10.10.1" nat-destination-port="1972" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="destination rule" dst-nat-rule-name="NAT_DESTINATION_10-20-20-20" protocol-id="6" policy-name="UNTRUST2TRUST" source-zone-name="UNTRUST" destination-zone-name="TRUST" session-id-32="140449808" username="N/A" roles="N/A" packet-incoming-interface="reth5.914" application="UNKNOWN" nested-application="UNKNOWN" encrypted="UNKNOWN"]

Aug 17 12:45:48 PHFW2 1 2016-08-17T11:46:01.933Z PHFW2-node0 RT_FLOW - RT_FLOW_SESSION_CLOSE_LS [junos@2636.1.1.1.2.34 logical-system-name="FW01" reason="TCP SERVER RST" source-address="192.168.1.1" source-port="19642" destination-address="10.20.20.20" destination-port="1972" service-name="None" nat-source-address="192.168.1.1" nat-source-port="19642" nat-destination-address="10.10.10.1" nat-destination-port="1972" src-nat-rule-type="N/A" src-nat-rule-name="N/A" dst-nat-rule-type="destination rule" dst-nat-rule-name="NAT_DESTINATION_10-20-20-20" protocol-id="6" policy-name="UNTRUST2TRUST" source-zone-name="UNTRUST" destination-zone-name="TRUST" session-id-32="140449808" packets-from-client="5" bytes-from-client="267" packets-from-server="4" bytes-from-server="186" elapsed-time="2" application="UNKNOWN" nested-application="UNKNOWN" username="N/A" roles="N/A" packet-incoming-interface="reth5.914" encrypted="UNKNOWN"]