TCP SYN with data Threat logs

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

TCP SYN with data Threat logs

L0 Member

Hi Guys,


I receive hundreds of TCP SYN with data Threat Alerts from my BYOD zone every day. I was learning more about it and I understood that it is a TCP syn packet with data in its payload. However, as almost all of them seems to come from non-malicious sources, I am not sure if I should worry about it or just consider it as a false positive and tweak my firewall.

Any advice would be much appreciated.




Leandro Ramos


L7 Applicator

If the firewall detects a TCP packet with data and your Zone Protection profile is set to drop these, then I wouldn't think it is a false positive. It triggers the protection because the firewall sees these.


More information available at:


There is currently no way to inhibit these protections from writing to the Threat Logs, however, if you receive the alerts through a Log Forwarding profile, you can edit the profile so that these are not forwarded out using a Filter in PAN-OS 8.0:


(severity eq informational) and (threatid neq 8723)


Selective Log Forwarding


Video Tutorial

Hi Mivaldi,


Thank you very much for all the information provided.




Leandro Ramos

  • 2 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!