ZABBIX BUGS AND ISSUES / ZBX-18110

suricata alert invalid ack

    • Incident report
    • Resolution: Unresolved
    • Trivial
    • None
    • 4.0.22
    • Server (S)
    • None

      Dear zabbix support,

      First of all, thank you for your great tool!

      I have an issue with the encrypted communication between zabbix server and zabbix agent in passive mode. I am getting lots of alerts from our Intrusion Detection Tool Suricata about zabbix communication: SURICATA STREAM FIN2 invalid ack.

      Is that a known issue in Zabbix? Is there a workaround?

      I am using zabbix 4.2.6.

      See the alert from Suricata.

      {"timestamp":"2020-07-17T03:16:08.849805+0200","flow_id":1970573864203604,"event_type":"alert","src_ip":"10.20.100.12","src_port":35758,"dest_ip":"10.20.100.68","dest_port":10050,"proto":"TCP","metadata":{"flowints":{"tcp.retransmission.count":17}},"alert":{"action":"allowed","gid":1,"signature_id":2210036,"rev":2,"signature":"SURICATA STREAM FIN2 invalid ack","category":"Generic Protocol Command Decode","severity":3},"tls":{"subject":"CN=zabbix-agent\/O=PF_PPROD\/C=FR","issuerdn":"CN=PF_PPROD\/O=PPROD\/C=FR","serial":"24:6F:4E:AF:1A:D3:81:F9","fingerprint":"9d:76:30:f6:81:72:d4:1d:01:2d:40:79:5a:1b:0a:29:1a:ec:1d:13","version":"TLS 1.2","notbefore":"2020-04-20T20:03:14","notafter":"2022-04-20T20:03:14","ja3":{}},"app_proto":"tls","flow":{"pkts_toserver":36,"pkts_toclient":28,"bytes_toserver":18864,"bytes_toclient":17146,"start":"2020-07-17T03:13:17.652628+0200"}}

      thank you,
      best regards

            neogan Andrei Gushchin (Inactive)
            olivier E olivier E
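A triage sketch for the kind of EVE alert quoted in the report, added here as an example (it is not part of the original issue and is not Zabbix or Suricata code). It counts "SURICATA STREAM" alerts on the agent port per host pair and records the highest `tcp.retransmission.count` seen, so alert volume can be compared against retransmissions. The sample records are constructed from the fields shown in the report; the function name and the 10050 default are assumptions taken from that alert.

```python
import json
from collections import defaultdict

# Constructed EVE lines modelled on the alert in the report (shortened, illustrative values):
# two alerts on port 10050, one on another port, one flow event, one truncated line.
SAMPLE_EVE = """\
{"timestamp":"2020-07-17T03:16:08.849805+0200","flow_id":1,"event_type":"alert","src_ip":"10.20.100.12","src_port":35758,"dest_ip":"10.20.100.68","dest_port":10050,"proto":"TCP","metadata":{"flowints":{"tcp.retransmission.count":17}},"alert":{"gid":1,"signature_id":2210036,"signature":"SURICATA STREAM FIN2 invalid ack","severity":3},"app_proto":"tls"}
{"timestamp":"2020-07-17T03:17:10.000000+0200","flow_id":2,"event_type":"alert","src_ip":"10.20.100.12","src_port":35790,"dest_ip":"10.20.100.68","dest_port":10050,"proto":"TCP","alert":{"gid":1,"signature_id":2210036,"signature":"SURICATA STREAM FIN2 invalid ack","severity":3},"app_proto":"tls"}
{"timestamp":"2020-07-17T03:18:00.000000+0200","flow_id":3,"event_type":"alert","src_ip":"10.20.100.12","src_port":40000,"dest_ip":"10.20.100.70","dest_port":443,"proto":"TCP","alert":{"gid":1,"signature_id":2210036,"signature":"SURICATA STREAM FIN2 invalid ack","severity":3}}
{"timestamp":"2020-07-17T03:19:00.000000+0200","flow_id":4,"event_type":"flow","src_ip":"10.20.100.12","src_port":35800,"dest_ip":"10.20.100.68","dest_port":10050,"proto":"TCP"}
{"timestamp":"2020-07-17T03:20:00
"""

def summarize_stream_alerts(lines, port=10050):
    """Group 'SURICATA STREAM' alerts touching `port` by (src_ip, dest_ip, sid).

    Returns (groups, skipped) where skipped counts lines that were not valid JSON objects.
    """
    groups = defaultdict(lambda: {"signature": "", "alerts": 0, "max_retransmissions": 0})
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1          # truncated or rotated-mid-write record
            continue
        if not isinstance(ev, dict):
            skipped += 1
            continue
        if ev.get("event_type") != "alert" or port not in (ev.get("src_port"), ev.get("dest_port")):
            continue
        alert = ev.get("alert") or {}
        signature = str(alert.get("signature") or "")
        if not signature.startswith("SURICATA STREAM"):
            continue
        # flowints are only present when a rule or the stream engine set them for this flow
        flowints = (ev.get("metadata") or {}).get("flowints") or {}
        group = groups[(ev.get("src_ip"), ev.get("dest_ip"), alert.get("signature_id"))]
        group["signature"] = signature
        group["alerts"] += 1
        group["max_retransmissions"] = max(group["max_retransmissions"],
                                           flowints.get("tcp.retransmission.count", 0))
    return dict(groups), skipped

if __name__ == "__main__":
    found, bad = summarize_stream_alerts(SAMPLE_EVE.splitlines())
    for (src, dst, sid), info in found.items():
        print(src, "->", dst, "sid", sid, info)
    print("unparseable lines:", bad)
```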