
New Install/User Lots Of Blocks from my Unifi Access Points?

Hi,

This is a new install and I have some issues with the firewall logging a lot of entries from my UniFi APs. The screenshot below is from one of the 3 APs I have, but they all say the same. I have a LAN to LAN firewall rule and the APs are in a LAN zone. Can anyone help please?

Many Thanks!

  • Take a look at this.

    You will need to bypass stateful firewall for the Unifi devices.

  • Hi,

    Thanks for your swift reply! 

    I am not sure this is applicable to me, as I do not use a USG; I just have 3 Access Points.

  • I am actually seeing a lot of blocked LAN to LAN traffic in general (192.18.0.44 is my Sophos Installation & 192.168.0.3 is my Desktop PC)

    Is there a way to completely unblock LAN to LAN traffic or is that not advisable?

  • Hi Martyn.

    I am using UniFi as well and have the same message in the logs. It seems that the access points send requests but don't get a reply, or try to use a dead connection. But there is no issue. It works fine.

    You will see the same errors using UniFi devices in all firewalls (if you are logging the message, that is).

    Here is a reply in a UniFi forum:

    "They are being logged as invalid since the TCP session has already been closed. These would be the final acknowledgment that the session has been closed and is not actually needed to be received. By this point the firewall had already seen a FIN sent by both sides indicating the session is indeed closed and had removed the session from its tracking.

    Any packets for a session not known by the firewall will be considered to be an 'invalid' state, which is exactly what is happening with the packet being logged here. You can generally ignore these."

    To sum things up, you can ignore the errors in the logs from UniFi devices, but there is one thing: if you are using the IPS and they don't come online in the controller, then look into the IPS logs :).

    //Rickard

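The mechanism the quoted forum reply describes can be shown with a toy stateful connection tracker. This is an added example, not code from this thread, from Sophos or from Ubiquiti: the addresses, ports and packet sequence are constructed, and the state machine is a deliberately simplified subset of what a real firewall's TCP tracking does (it forgets a flow as soon as it has seen a FIN from both ends). The last packet, the AP's final ACK, arrives after the entry is gone and is therefore classified INVALID, which is what ends up in the log.

```python
"""Toy stateful TCP tracker (added example; not Sophos, UniFi or any real
firewall's code).  It shows why the final ACK of an already-closed session is
reported as INVALID: once both FINs have been seen the flow is dropped from
the table, so the late ACK matches no known session."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {"SYN", "ACK", "FIN", "RST"}


def flow_key(p: Packet):
    """Direction-independent key so both halves of a flow share one entry."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


class ConnTracker:
    """Minimal subset of a stateful firewall's TCP state tracking."""

    def __init__(self):
        self.table = {}  # flow_key -> {"state": str, "fins": set of endpoints}

    def process(self, p: Packet) -> str:
        k = flow_key(p)
        entry = self.table.get(k)
        sender = (p.src, p.sport)

        if entry is None:
            # Only a bare SYN may open a new entry; anything else has no
            # session to belong to and is reported as INVALID.
            if p.flags == frozenset({"SYN"}):
                self.table[k] = {"state": "SYN_SENT", "fins": set()}
                return "NEW"
            return "INVALID"

        if "RST" in p.flags:
            del self.table[k]  # abortive close: forget the flow immediately
            return "RESET"

        state = entry["state"]
        if state == "SYN_SENT" and p.flags == frozenset({"SYN", "ACK"}):
            entry["state"] = "SYN_RECV"
            return "SYN_RECV"
        if state == "SYN_RECV" and p.flags == frozenset({"ACK"}):
            entry["state"] = "ESTABLISHED"
            return "ESTABLISHED"
        if state in ("ESTABLISHED", "FIN_WAIT"):
            if "FIN" in p.flags:
                entry["fins"].add(sender)
                if len(entry["fins"]) == 2:
                    # FIN seen from both ends: the session is closed and the
                    # tracker removes it, exactly as the quoted reply says.
                    del self.table[k]
                    return "CLOSED"
                entry["state"] = "FIN_WAIT"
                return "FIN_WAIT"
            return state  # ordinary data or ACK inside a live session
        return "INVALID"


def classify(packets):
    """Run a packet sequence through a fresh tracker; return one verdict each."""
    tracker = ConnTracker()
    return [tracker.process(p) for p in packets]


def demo_trace():
    """Constructed AP-to-controller session; addresses are made up for the
    example and 8080 stands in for the controller's inform port."""
    ap, ctl = ("192.168.0.50", 50000), ("192.168.0.44", 8080)
    f = frozenset
    packets = [
        Packet(*ap, *ctl, f({"SYN"})),          # AP opens the connection
        Packet(*ctl, *ap, f({"SYN", "ACK"})),   # controller answers
        Packet(*ap, *ctl, f({"ACK"})),          # handshake complete
        Packet(*ap, *ctl, f({"ACK"})),          # inform data
        Packet(*ap, *ctl, f({"FIN", "ACK"})),   # AP starts closing
        Packet(*ctl, *ap, f({"FIN", "ACK"})),   # controller closes too
        Packet(*ap, *ctl, f({"ACK"})),          # AP's final ACK, arrives late
    ]
    return classify(packets)


if __name__ == "__main__":
    for verdict in demo_trace():
        print(verdict)
```

Running it prints NEW, SYN_RECV, ESTABLISHED, ESTABLISHED, FIN_WAIT, CLOSED and finally INVALID for the trailing ACK. Real trackers keep a short TIME_WAIT entry before forgetting the flow, so how many of these show up depends on how late the ACK arrives; that is why the log entries are noise rather than a sign that the LAN to LAN rule is wrong.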