What is the meaning of & how to resolve USG Security Policy log with msg="invalid state detected, DROP"
Hi Zyxel-lads, on one of my USG60's event logs I'm seeing many msg="invalid state detected, DROP"
These are Security Policy log events ... these are all blocked by the default DENY rule.
Here's an example with localised stuff faked out... (ipv4 WAN src / dest. M.A.C)
Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" msg="invalid state detected, DROP" note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"
Feb 1 15:22:17 myrouter src="xxx.xxx.xxx.xxx: 64646" dst="my.usg60’s.wan1.ipv4:nnn" msg="invalid state detected, DROP" note="ACCESS BLOCK" user="unknown" devID="60319xxyyzz" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"
I'd like to know the meaning of this Policy Router default BLOCK and what is involved to resolve it.
Any clues?
Any help is thankfully received.
B/R
Warwick
Hong Kong
Comments
Hello Warwick,
The USG is a stateful firewall, so if the session does not follow the standard of the TCP protocol, the "invalid state detected, DROP" will occur. For example, during the communication, the USG is between the server and the client, and if the server just sends the rest packet to the USG to complete the connection, the client will still send the request to the USG (because the client does not know the server finished the communication). This will cause the USG to drop the client session and show "invalid state detected, DROP". Another case is that when the USG receives a session from an unknown user, the USG will drop this session.
Charlie1 -
Hi Charlie.. thanks for the great explanation.
My local fix: I've rectified the profuse messages by correcting a Policy route that was in error.
Thanks again mate!
warwick
Hong Kong