Connection states
The following states are used in the State column in the Connections view and (in part) in the Logs view with info messages or logs on the closing of connections.
They reflect the standard states regarding the initiation and termination of TCP connections as seen by the firewall in the transmissions. The following table lists the possible states.
| State | Description |
|---|---|
| CP established | Forcepoint NGFW cluster protocol packet is recognized. |
| ICMP echo | Ping reply is expected. |
| ICMP reply wait | Other ICMP request or reply types. |
| Invalid | The communication has violated the protocol. |
| IPsec established | IPsec tunnel packet is recognized. |
| New | New connection is being opened. |
| Related | New connection related to an existing one is expected soon. |
| Remove | Connection cannot be physically removed yet. |
| Remove soon | Expecting to still see some packets (multiple reset packet), so delaying the removal for a few seconds. Eliminates unnecessary packet filtering and possible logging of dropped packets. |
| TCP close wait | One end of the connection waits for the FIN packet (passive close). |
| TCP close wait ack | Waiting for ACK for the FIN before going to close wait status (passive close). |
| TCP closing | Closing packet (FIN) sent by one end of the connection (simultaneous). |
| TCP closing ack | Waiting for ACK for the FIN before going to closing status (active close). |
| TCP established | Normal status of TCP connections for data transfer. |
| TCP fin wait 1 | One end of the connection waits for sending the FIN packet (active close). |
| TCP fin wait 2 | One end of the connection waits for receiving ACK packet. |
| TCP last ack | One end of the connection sent a FIN packet (passive close). |
| TCP last ack wait | Waiting for the FIN packet to be acknowledged. |
| TCP syn ack seen | Second phase of the TCP three-way handshake, the server has replied to client sent SYN with SYN+ACK, next status will be established. |
| TCP syn fin seen | T/TCP (Transactional TCP) connection, RFC 1644. |
| TCP syn return | Received simultaneous SYN from the other end (simultaneous open). |
| TCP syn seen | First packet sent by one end of the connection. |
| TCP time wait | One end of the connection acknowledged closing packet (FIN). |
| TCP time wait ack | Waiting for ACK for the FIN status before going to time wait status (active close). |
| UDP established | UDP connection is recognized. |
| Unknown established | Connection from other transport level protocol. |