I see the following quite often in my log files:
action: drop
source: some website.com
destination: my firewall object
protocol: tcp
rule: Implicit drop rule
S_port: http
The Services are all different port numbers (typically very high).
These drops take up most of my log files. Why am I getting these hits to my firewall
object? My internal network is hiding behind my external interface of the firewall -
I am guessing that these are responses to workstations browsing the internet (guess).
How do I stop logging them, and is this something I need to be worried about?
Rodney Lacroix
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
