- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-29-2023 07:54 PM
Hello All,
I'm a bit confused to understand the exact process. When monitoring the traffic from an external source ip (malicious one) and checking the logs in Pano see that session end reason was "tc-fin" and type was either "drop or end" with action being "allowed".
Does this mean that , traffic has been blocked by the firewall or dropped by the firewall ?
In what cases, can I come to know if the traffic is allowed and a session made by a external suspicious ip towards internal IP
Please help me in this clarification.
06-30-2023 12:15 AM
tcp-fin means the session was graciously ended, which means the initial connection was allowed
a session that was blocked will have 'deny' or 'drop' in the action
'end' in the type is an allowed session, 'drop' or'deny' in the type is a blocked session
can you please provide a screenshot of what you're seeing?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!