Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
Disclaimer: This information is posted as-is and the content should be referenced at your own risk
Since SFOS v17.0, there is something called "Invalid Traffic" on XG.
There is a KBA for this topic: https://community.sophos.com/kb/en-us/131754
It's important to understand the TCP Handshake and how a Connection works in TCP.
There are couple explanations available on the internet.
Conntrack (The Connection tracking daemon on XG), will keep track of all Connections.
Most likely this is not any issue at all. If a service is not working fine on the server site, the client will kill a session immediately and such traffic will be displayed as invalid traffic
There is no issue on the XG at all. It is an issue with the Client / server.
Another point are such "clean up" processes.
XG keeps such sessions for 3 hours per default. After 3 hours idle, XG will delete this session. If the web server sends a RST packet after 5 hours, XG will drop such packets as invalid traffic.
You can increase the Conntrack Timeout value to 24 Hours. Or you could decide to disable such invalid traffic logging.
Personal opinion: I disable Invalid Traffic on all my XG Appliances, because I have no value for such logging.
Just a side note that invalid traffic logging is useful on only one instance IIRC : when there is asymmetric routing.