abnormal TCP traffic detected


All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 911  Zyxel Employee
  • USG_User
    USG_User Posts: 318  Master Member
    Thanks Emily,
    Is already downloaded. Waiting for a gap to reboot USG.

  • USG_User
    USG_User Posts: 318  Master Member
    Hi Emily,
    Now we've installed 4.72 WK25 and hope that the alert log (immediate email) for abnormal TCP traffic is done.
    Where I could adjust the log opportunities for abnormal TCP traffic right now? I would guess at Log Settings >Edit System Log > Log Category "Security" > ADP settings (checkbox) for normal and/or Alert Logs, isn't it?
  • CHS
    CHS Posts: 155  Master Member
    Abnormal TCP log setting removed from alert level. It will not send alert mail to me. It helps a lot. Thank you :blush:
    Current status is inform level. At least I know USG received abnormal packets but not annoying mails.
  • USG_User
    USG_User Posts: 318  Master Member
    That's fine. I'm happy, too. But is the alert log functionality adjustable at log settings or is it permanently set to "no alert log"?
  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,145  Zyxel Employee
    Hi @USG_User
    The "abnormal TCP traffic" is belonging to "Security Policy Control" category. It is unable to remove the log from normal log level, the reason is because the log is required for ICSA certification.
    You can disable all of "Security Policy Control" log, then will not display "abnormal TCP traffic" anymore, but others Security Policy Control log will affect too. So it is not remcommend.
  • USG_User
    USG_User Posts: 318  Master Member
    Hi Stanley,
    My intention is not to completely avoid any abnormal TCP traffic. There I have no problem with.
    This thread is taking care about the alert log functionality only, where alert emails will be sent out immediately. But this has been solved and we are happy with right now.
    Now I'm asked whether the FW update has a new option in log settings to enable/disable the log or alert log functionality when abnormal TCP traffic is detected. But it seems not. But not a big deal.

Security Highlight