Outbound Apple push notifications blocked
All my USGs (50, 110, 210) block outbound Apple push notifications with log entries (about 15 of them every time a macOS machine boots) like the sample below:
x.x.x.x:51872 17.188.164.137:2196 alert secure-policy ACCESS BLOCK abnormal TCP flag attack detected, DROP
— I tried disabling TCP Decoder Protocol Anomalies in ADP, with no avail.
If you ever encountered a similar phenomenon, kindly advise.
Thank you.
All Replies
-
Can you explain further? I can't understand what's the requirement in your post.0
-
Thank you for replying — and sorry for being vague.
- First, I would like to know if other people noticed something similar.
- Secondly, I would like to understand why that traffic is being blocked (it seems legit to me).
- Thirdly, I would like to allow that traffic so the machines are able to contact APN servers on Apple’s 17.x.x.x block.
0 -
Hi @Kitone,
USG110/USG210
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: secure-policy abnormal_tcp_flag_detect deactivate
Enable detect: secure-policy abnormal_tcp_flag_detect activate
For example:
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show secure-policy status
secure-policy status: yes
secure-policy asymmetrical route status: no
secure-policy default rule: deny, log
secure-policy tcp flag detect: no
USG50
You need to upgrade to the latest date firmware to use the following commands.
I will send you the download link via private message.
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: firewall abnormal_tcp_flag_detect deactivate
Enable detect: firewall abnormal_tcp_flag_detect activate
For example:
Router(config)# firewall abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show firewall status
firewall status: yes
firewall asymmetrical route status: no
firewall default rule: deny, log
firewall tcp flag detect: no
0 -
Hello Zyxel_Emily,
Thank you for the answer. I'll try as per your advice and report on the outcome back here.
Thank you,
Kit0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight