Appendix A – Disposition of Events
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
1. Abstract
Disposition of Events
The LVPN RouteFinder 3.2x provides logging capabilities for various types of Access requests to the product.
The logging is classified as follows:
• Inbound Access Requests (LO1.A)
• Outbound Access Requests (LO1.B)
• Access Requests to Firewall Violating Security Policy (LO1.C)
• Access Requests Through Firewall Violating Security Policy (LO1.D)
• Administrative Authentication Log (LO1.E)
• Admin Port Access Requests (LO1.F)
• Startup History (LO1.G)
• User Defined Logs
• Fragmented Packets Log (ST6)
Access Request
An Access Request is the first packet arriving at the interface to which the security policy is applied. All subsequent packets that are part of an ongoing session are not termed access requests, since an Access Request is the first packet that establishes a session. Logging of an Access Request implies logging of the first packet of a session. Subsequent packets are not logged.
Inbound Access Request
Each access request from the external network to the box, for any service hosted by the box or hosted by an internal server and therefore passing through the firewall, is termed an inbound access request. Requests received on the WAN interface are termed inbound access requests. If the WAN interface is down and the dial backup PPP link is up, then a request received on the PPP interface to the firewall is termed an inbound access request.
Access requests logged as Inbound Access Request correspond to LO1.A of Baseline module - version 4.0, ICSA Labs.
Figure 1 shows the Inbound Access diagram.
Figure 2 shows a snapshot of Inbound Access.
Figure 3 shows a snapshot of Inbound Access with DNAT and Connection Tracking.
Outbound Access Request
Each access request from the internal network (LAN/DMZ) to the external network (WAN) that passes through the firewall is termed an Outbound Access Request. All requests routed out through the WAN interface to servers connected on or through the WAN interface are considered Outbound Access Requests.
Access requests logged as Outbound Access Request correspond to LO1.B of Baseline module - version 4.0, ICSA Labs.
Figure 4 shows the Outbound Access diagram.
Figure 5 shows a snapshot of Outbound Access.
Figure 6 shows a snapshot of Outbound Access with connection tracking.
Access Requests through Firewall Violating Security Policy
An access request that traverses the firewall (is routed through it) but has to be dropped due to a security restriction is logged as Through Firewall Dropped.
Access requests logged as Access Request through Firewall Violating Security Policy correspond to LO1.C of Baseline module - version 4.0, ICSA Labs.
Figure 7 shows a snapshot of Through Firewall Dropped.
Access Request to Firewall Violating Security Policy
An access request to the firewall can be dropped due to security restrictions. Each of these access requests is logged as To Firewall Dropped.
Access requests logged as Access Request to Firewall Violating Security Policy correspond to LO1.D of Baseline module - version 4.0, ICSA Labs.
Figure 8 shows the To Firewall Dropped diagram.
Figure 9 shows a snapshot of To Firewall Dropped.
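The classification rules above can be modelled as follows. This is an added example, not code from the RouteFinder firmware or from Multi-Tech: the interface names, the addresses, the `Packet` fields and the rule that a dropped packet never establishes a session are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample values: the guide gives no addresses or interface names.
FIREWALL_ADDRS = {"192.0.2.1", "10.0.0.1"}   # addresses owned by the box itself
INTERNAL_IFACES = {"LAN", "DMZ"}

@dataclass(frozen=True)
class Packet:
    in_iface: str    # interface the packet arrived on: WAN, PPP, LAN or DMZ
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    allowed: bool    # verdict of the security policy for this packet

class DispositionLogger:
    def __init__(self, wan_up=True, ppp_backup_up=False):
        self.wan_up = wan_up
        self.ppp_backup_up = ppp_backup_up
        self.sessions = set()   # flows whose first packet was already accepted

    def external_iface(self):
        # WAN is the external side; PPP takes that role only while WAN is down.
        if self.wan_up:
            return "WAN"
        return "PPP" if self.ppp_backup_up else None

    def classify(self, pkt):
        """Return the log category, or None when the packet is not logged here."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reply = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.sessions or reply in self.sessions:
            return None   # part of an ongoing session: not an access request
        to_box = pkt.dst in FIREWALL_ADDRS
        if not pkt.allowed:
            # Assumption: a dropped packet creates no session, so every retry is logged.
            return "To Firewall Dropped" if to_box else "Through Firewall Dropped"
        self.sessions.add(key)
        if pkt.in_iface == self.external_iface():
            return "Inbound Access Request"
        if pkt.in_iface in INTERNAL_IFACES and not to_box:
            return "Outbound Access Request"
        return None   # e.g. internal host to the box: outside these four categories
```
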
Administrative Authentication Log
All successful and failed attempts to log in to the VPN can be logged. The attempts are logged as Administrative Authentication Log.
Administrative Authentication Log corresponds to LO1.E of Baseline module - version 4.0, ICSA Labs.
Figure 10 shows a snapshot of Administrative Authentication Log.