Whats is meaning of & how to resolve USG Security Policy log with msg="invalid state detected, DROP"
Hi Zyxel-lads, on one of my USG60's event logs I'm seeing many msg="invalid state detected, DROP"
These are Security Policy log events ... these are all blocked by the default DENY rule.
Here's an example with localised stuff faked out... (ipv4 WAN src / dest. M.A.C"
I'd like to know the meaning of this Policy Router default BLOCK and what is involved to resolve it.
Any clues?
Any help is thankfully received.
B/R
Warwick
Hong Kong
These are Security Policy log events ... these are all blocked by the default DENY rule.
Here's an example with localised stuff faked out... (ipv4 WAN src / dest. M.A.C"
<div>Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" <b>msg="invalid state detected, DROP" </b>note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others" </div><div>Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" <b>msg="invalid state detected, DROP"</b> note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"</div>
I'd like to know the meaning of this Policy Router default BLOCK and what is involved to resolve it.
Any clues?
Any help is thankfully received.
B/R
Warwick
Hong Kong
0
Comments
-
Hello Warwick,
The USG is stateful firewall, so if the session does not follow the standard of TCP protocol, the "invalid state detected, DROP" will occur. For example, during the communication, the USG is between Server and client, and if server just send the rest packet to usg to complete the connection, the client will still send the request to USG.(because client does not know server finished the communication) This will cause USG drop the client session and show "invalid state detected, DROP". Another case is that when the USG receive session from unknown user, the usg will drop this session.
Charlie1 -
Hi Charlie.. thanks for the great explanation.
My local fix: I've rectified the perfuse messages by correcting a Policy route tat was on error.
Thanks again mate!
warwick
Hong Kong0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight