If you think the ZyWALL is good, maybe you can help me with a problem I'm having.
We run an Open Directory server on a Mac mini. This Mac mini is also the DNS for our VLAN (192.168.3.100-255).
On most computers the internet runs smoothly. I have, however, two computers that have intermittent problems getting a response from the DNS, because they're not retrieving webpages. I can connect with remote desktop etc. just fine though. The computers all get an IP address from the DHCP (also on the ZyWALL).
Together with the network guys I figured out the clients that have problems are being blocked for polling one of Apple's servers too often.
Zywall Logs:
180 | 2016-06-14 19:46:45 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53268 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:18 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53253 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:09 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53250 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:06 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53249 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:02 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53220 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:35:38 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:52435 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:35:11 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:52421 | 17.167.146.12:443 | ACCESS BLOCK |
When these log entries manifest I am also not able to ping Google from these computers.
The network guy was supposed to update the firmware on the ZyWALL tonight. ZyXEL support told us to update it to the latest build before they could help us. Apparently they are aware of the issue.
I tried the solution suggested here, but unfortunately it's not the definitive solution.
http://labs.hoffmanlabs.com/node/1920
I'd hate to have to get a second firewall just to block one IP address.
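Log rows like the ones quoted in this post can be grouped into per-client drop windows and lined up against the times a client loses connectivity. The script below is an added example, not part of the original post: the function names and the 60-second gap are assumptions, and the sample rows are the ones from the post.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Sample rows copied from the post; the leading row number is optional.
SAMPLE = """\
180 | 2016-06-14 19:46:45 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53268 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:18 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53253 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:09 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53250 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:06 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53249 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:46:02 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:53220 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:35:38 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:52435 | 17.167.146.12:443 | ACCESS BLOCK |
| 2016-06-14 19:35:11 | alert | Security Policy Control | abnormal TCP flag attack detected, DROP | 192.168.3.174:52421 | 17.167.146.12:443 | ACCESS BLOCK |
"""

def parse_row(line):
    """Return (time, message, src_ip, dst) or None if the row does not parse."""
    fields = [f.strip() for f in line.strip().strip("|").split("|")]
    if fields and fields[0].isdigit():  # drop the optional row number
        fields = fields[1:]
    if len(fields) < 7:
        return None
    try:
        ts = datetime.strptime(fields[0], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, fields[3], fields[4].rsplit(":", 1)[0], fields[5]

def drop_bursts(text, gap=timedelta(seconds=60)):
    """Group DROP rows per (client, destination) into bursts split by > gap."""
    events = defaultdict(list)
    for line in text.splitlines():
        row = parse_row(line)
        if row and row[1].endswith("DROP"):
            events[(row[2], row[3])].append(row[0])
    bursts = []
    for (src, dst), times in events.items():
        times.sort()
        start, prev, count = times[0], times[0], 1
        for ts in times[1:]:
            if ts - prev > gap:  # quiet period: close the current burst
                bursts.append((src, dst, start, prev, count))
                start, count = ts, 0
            prev, count = ts, count + 1
        bursts.append((src, dst, start, prev, count))
    return sorted(bursts, key=lambda b: b[2])

if __name__ == "__main__":
    for src, dst, first, last, n in drop_bursts(SAMPLE):
        print(f"{src} -> {dst}: {n} drops {first:%H:%M:%S} to {last:%H:%M:%S}")
```

Run over a full log export, the burst start and end times give the windows to compare against failed pings or DNS lookups on the affected client.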