abnormal TCP traffic detected

Zyxel_Emily

Hi @USG_User,

The latest version for 4.72 is released.

https://community.zyxel.com/en/discussion/13548/zld-v4-72-wk20-firmware-release

USG_User

Thanks Emily,
Is already downloaded. Waiting for a gap to reboot USG.

Cheers
Joerg

USG_User

Hi Emily,

Now we've installed 4.72 WK25 and hope that the alert log (immediate email) for abnormal TCP traffic is done.

Where I could adjust the log opportunities for abnormal TCP traffic right now? I would guess at Log Settings >Edit System Log > Log Category "Security" > ADP settings (checkbox) for normal and/or Alert Logs, isn't it?

CHS

Abnormal TCP log setting removed from alert level. It will not send alert mail to me. It helps a lot. Thank you

Current status is inform level. At least I know USG received abnormal packets but not annoying mails.

USG_User

That's fine. I'm happy, too. But is the alert log functionality adjustable at log settings or is it permanently set to "no alert log"?

Zyxel_Stanley

Hi @USG_User
The "abnormal TCP traffic" is belonging to "Security Policy Control" category. It is unable to remove the log from normal log level, the reason is because the log is required for ICSA certification.
You can disable all of "Security Policy Control" log, then will not display "abnormal TCP traffic" anymore, but others Security Policy Control log will affect too. So it is not remcommend.

USG_User

Hi Stanley,

My intention is not to completely avoid any abnormal TCP traffic. There I have no problem with.
This thread is taking care about the alert log functionality only, where alert emails will be sent out immediately. But this has been solved and we are happy with right now.
Now I'm asked whether the FW update has a new option in log settings to enable/disable the log or alert log functionality when abnormal TCP traffic is detected. But it seems not. But not a big deal.