Outbound Apple push notifications blocked
All my USGs (50, 110, 210) block outbound Apple push notifications with log entries (about 15 of them every time a macOS machine boots) like the sample below:
x.x.x.x:51872 17.188.164.137:2196 alert secure-policy ACCESS BLOCK abnormal TCP flag attack detected, DROP
— I tried disabling TCP Decoder Protocol Anomalies in ADP, with no avail.
If you ever encountered a similar phenomenon, kindly advise.
Thank you.
All Replies
-
Can you explain further? I can't understand what's the requirement in your post.0
-
Thank you for replying — and sorry for being vague.
- First, I would like to know if other people noticed something similar.
- Secondly, I would like to understand why that traffic is being blocked (it seems legit to me).
- Thirdly, I would like to allow that traffic so the machines are able to contact APN servers on Apple’s 17.x.x.x block.
0 -
Hi @Kitone,
USG110/USG210
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: secure-policy abnormal_tcp_flag_detect deactivate
Enable detect: secure-policy abnormal_tcp_flag_detect activate
For example:
Router(config)# secure-policy abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show secure-policy status
secure-policy status: yes
secure-policy asymmetrical route status: no
secure-policy default rule: deny, log
secure-policy tcp flag detect: no
USG50
You need to upgrade to the latest date firmware to use the following commands.
I will send you the download link via private message.
Enter the CLI command to disable/enable abnormal tcp flags detect.
Disable detect: firewall abnormal_tcp_flag_detect deactivate
Enable detect: firewall abnormal_tcp_flag_detect activate
For example:
Router(config)# firewall abnormal_tcp_flag_detect deactivate
Router(config)# write
Router(config)# show firewall status
firewall status: yes
firewall asymmetrical route status: no
firewall default rule: deny, log
firewall tcp flag detect: no
0 -
Hello Zyxel_Emily,
Thank you for the answer. I'll try as per your advice and report on the outcome back here.
Thank you,
Kit0
Categories
- All Categories
- 393 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 906 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 221 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight