What is the meaning of & how to resolve USG Security Policy log with msg="invalid state detected, DROP"
Hi Zyxel-lads, on one of my USG60's event logs I'm seeing many msg="invalid state detected, DROP"
These are Security Policy log events ... these are all blocked by the default DENY rule.
Here's an example with localised stuff faked out... (ipv4 WAN src / dest. M.A.C)
Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" msg="invalid state detected, DROP" note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"
Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" msg="invalid state detected, DROP" note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"
I'd like to know the meaning of this Policy Router default BLOCK and what is involved to resolve it.
Any clues?
Any help is thankfully received.
B/R
Warwick
Hong Kong
Comments
Hello Warwick,
The USG is a stateful firewall, so if the session does not follow the standard of the TCP protocol, the "invalid state detected, DROP" will occur. For example, during the communication, the USG is between the server and the client, and if the server just sends the rest packet to the USG to complete the connection, the client will still send the request to the USG (because the client does not know the server finished the communication). This will cause the USG to drop the client session and show "invalid state detected, DROP". Another case is that when the USG receives a session from an unknown user, the USG will drop this session.
Charlie
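The two cases in the answer above, replayed through a small state table. This is an added example, not part of the original thread and not Zyxel firmware logic; the StateTable class, the addresses and the packet sequence are constructed, and it assumes the server ends the connection with a TCP RST.

```python
# Simplified model of stateful TCP tracking; illustrative only, not Zyxel firmware logic.
DROP = "invalid state detected, DROP"   # message text as shown in the USG log
ACCEPT = "ACCEPT"

class StateTable:
    def __init__(self):
        self.conns = {}  # frozenset({endpoint_a, endpoint_b}) -> [state, initiator]

    def inspect(self, src, dst, flags):
        """Return the verdict for one TCP segment; flags is a set such as {"SYN"}."""
        key = frozenset((src, dst))
        entry = self.conns.get(key)
        if entry is None:
            # Only a bare SYN may create a new connection entry.
            if flags == {"SYN"}:
                self.conns[key] = ["SYN_SENT", src]
                return ACCEPT
            return DROP
        state, initiator = entry
        if "RST" in flags:
            # A reset tears the connection down; the entry is forgotten at once.
            del self.conns[key]
            return ACCEPT
        if state == "SYN_SENT":
            if flags == {"SYN", "ACK"} and src != initiator:
                entry[0] = "SYN_RCVD"
                return ACCEPT
            return DROP
        if state == "SYN_RCVD":
            if flags == {"ACK"} and src == initiator:
                entry[0] = "ESTABLISHED"
                return ACCEPT
            return DROP
        return ACCEPT  # ESTABLISHED: this model does not check sequence numbers

def replay():
    """Run a constructed packet sequence through the table and collect verdicts."""
    client, server, stranger = "192.0.2.10:64646", "198.51.100.5:443", "203.0.113.9:50000"
    fw = StateTable()
    sequence = [
        (client, server, {"SYN"}),           # handshake step 1
        (server, client, {"SYN", "ACK"}),    # handshake step 2
        (client, server, {"ACK"}),           # handshake step 3, now ESTABLISHED
        (server, client, {"RST"}),           # server ends the connection
        (client, server, {"PSH", "ACK"}),    # client keeps sending: no entry left
        (stranger, server, {"ACK"}),         # host that never opened a connection
    ]
    return [fw.inspect(s, d, f) for s, d, f in sequence]

if __name__ == "__main__":
    for verdict in replay():
        print(verdict)
```

The first four segments are accepted; the last two have no matching entry and are not a new SYN, so they get the log message from the question.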
Hi Charlie.. thanks for the great explanation.
My local fix: I've rectified the profuse messages by correcting a Policy route that was in error.
Thanks again mate!
warwick
Hong Kong