This article explains how to best configure Cloud Security when running in a load balanced environment where 'InvalidState' packets are observed.
- 5nine Cloud Security
InvalidState means these packets may be coming back from a different system to the one where the initial connection was made to. Because of this Stateful Packet Inspection (SPI) doesn’t recognize it.
This can happen in case you use load balancers for this system. To let this traffic come through, you would need to bypass SPI table by using AllowNoSPI rule. This option can be found in the Action drop down when adding a rule: