Question
http_decoder: HTTP.Null.Session
From my Fortinet firewall log messages, I found there were some "http.null.session" messages. I did a Google search and found no detailed information about this signature. The Fortinet website just says "traffic that does not comply with the protocol standard". Where can I find the details about this signature?

On the other hand, please see Log #5, a similar http.null.session message. I am wondering why the traffic direction is from the external interface to the internal interface. Does it mean the response from the server is invalid / does not comply with the HTTP standard?

Here is the sample log from my firewall.

Log Number 1
Last Activity 2013-02-07 14:41:49
Type ips
Level alert
Source Interface DMZ_Internal
Source 192.168.18.96
Source Port 53166
Destination Interface DMZ-External
Destination 220.181.125.191
Destination Port 80
Attack ID 107347977
Severity low
Status reset
Message http_decoder: HTTP.Null.Session
Device Time 2013-02-07 14:41:49
Subtype signature
Device ID XXXXXXXXXXXXXX
Log ID 16384
Cluster ID XXXXXXXXXXXXXX_CID
Timestamp 1360219309
Protocol 6
Policy ID 100
Service http
Count 1
User N/A
Group N/A
VDom DMZ

Log Number 5
Last Activity 2013-02-07 14:39:57
Type ips
Level alert
Source Interface DMZ-External
Source 65.55.25.59
Source Port 80
Destination Interface DMZ_Internal
Destination 192.168.205.19
Destination Port 1977
Attack ID 107347977
Severity low
Status reset
Message http_decoder: HTTP.Null.Session
Device Time 2013-02-07 14:39:57
Subtype signature
Device ID XXXXXXXXXXXXXX
Log ID 16384
Cluster ID XXXXXXXXXXXXXX_CID
Timestamp 1360219197
Protocol 6
Policy ID 4
Service 1977/tcp
Count 1
User N/A
Group N/A
VDom DMZ
