Outbound Apple push notifications blocked
All my USGs (50, 110, 210) block outbound Apple push notifications with log entries (about 15 of them every time a macOS machine boots) like the sample below:
x.x.x.x:51872 17.188.164.137:2196 alert secure-policy ACCESS BLOCK abnormal TCP flag attack detected, DROP
— I tried disabling TCP Decoder Protocol Anomalies in ADP, with no avail.
If you ever encountered a similar phenomenon, kindly advise.
Thank you.
All Replies
-
Can you explain further? I can't understand what's the requirement in your post.0
-
Thank you for replying — and sorry for being vague.
- First, I would like to know if other people noticed something similar.
- Secondly, I would like to understand why that traffic is being blocked (it seems legit to me).
- Thirdly, I would like to allow that traffic so the machines are able to contact APN servers on Apple’s 17.x.x.x block.
0 -
Hi @Kitone,
USG110/USG210
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: secure-policy abnormal_tcp_flag_detect deactivate
Enable detect: secure-policy abnormal_tcp_flag_detect activate
For example:
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show secure-policy status
secure-policy status: yes
secure-policy asymmetrical route status: no
secure-policy default rule: deny, log
secure-policy tcp flag detect: no
USG50
You need to upgrade to the latest date firmware to use the following commands.
I will send you the download link via private message.
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: firewall abnormal_tcp_flag_detect deactivate
Enable detect: firewall abnormal_tcp_flag_detect activate
For example:
Router(config)# firewall abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show firewall status
firewall status: yes
firewall asymmetrical route status: no
firewall default rule: deny, log
firewall tcp flag detect: no
0 -
Hello Zyxel_Emily,
Thank you for the answer. I'll try as per your advice and report on the outcome back here.
Thank you,
Kit0
Categories
- All Categories
- 384 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 79 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 909 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 898 Nebula FAQ
- 415 Security FAQ
- 234 Switch FAQ
- 205 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight