Security Service - Zyxel Community

How can I verify that the External Block List for IP Reputation has been fully updated?
Question : How can I verify that the External Block List for IP Reputation has been fully updated? Answer : Once the user clicks "Update Now" button to update the External Block List for IP Reputation. The message will show "Updating IP reputation external block list.". Once it is updated completely and will show "Update…
How do I set the block list in the IP Reputation Filter on the USG Flex H?
Question : How do I set the block list in the IP Reputation Filter on the USG Flex H? Answer: Navigate through Security Services > Reputation Filter > IP Reputation > Block List, and enter the IP you wish to block. Verification : To verify that the IP address can be blocked by the IP Reputation Filter.
How to check the URL if it's malicious?
Question: How to check the URL if it's malicious? Answer: You have two methods to check the URL. Go to Site-wide > Configure > Firewall > Security service > URL Threat Filter, input the URL to "Test Threat Category" and click Test. Go to this website https://threatintelligence.zyxel.com/checker, and navigate to URL…
Content filter is not working and show the log "Service in unavailable: query timeout"
Question: What can I do when content filter is not working and show the log "Service in unavailable: query timeout" Answer: It means the connection to McAfee server always times out. (Device cannot get some response from McAfee), resuting in browsing problem. Please domain zone forwarder 8.8.8.8 for two domain…
Why nude images still appearing in browser search results when using safesearch?
Question: Why nude images still appearing in browser search results when using safesearch? Answer: Please enable SSL inspection. SafeSearch needs to work with SSL Inspection, since all the search portal now is HTTPs.
How to check SSL inspection default port on USG FLEX H?
Question: How to check SSL inspection default port on USG FLEX H? Answer: Use the command to check inspection default port. usgflex500h> show state vrf main ssl-inspection default-port-state
How to bypass a site from malicious site on USG FLEX H?
Question: How to bypass a site from malicious site on USG FLEX H? Answer: To bypass a site from malicious site, go to Security Services > Reputation Filter > DNS Threat Filter/URL Threat Filter > Allow List. Click "+Add" and add the site to Allow List.
[Nebula USG FLEX H Series] Maximum Security Policy Rules per Model
Q: What is the maximum number of Rules allowed in the Security Policy in Nebula for each USG FLEX H Series Device? A: Max Firewall ACL Rule Number (= Secure Policy Number) 50H/HP = 500 100H/HP = 500 200H/HP = 2000 500H = 5000 700H = 10000 You may also refer to the user’s guide on pages 634 and 637 for this information.
Can I use USG FLEX H series as firewall router after Entry Defense Pack license expired?
Question: Can I use USG FLEX H series as firewall router after Entry Defense Pack license expired? Answer: Yes, even after the Entry Defense Pack license expires, your USG FLEX H series device can still function as a basic firewall and router. Here’s what remains functional: MONITOR System Statistics Network Status VPN…
What is the difference between IPS Prevention Mode and Detection Mode?
Question: What is the difference between IPS Prevention Mode and Detection Mode? Answer: Detection Mode Purpose: Monitors traffic and logs any suspicious activity without taking action to block or drop it. Behavior: Logs threats or events for administrator review. Does not interfere with traffic flow. Use Case: Useful…
Is a license required to block streaming sites?
Question: Is a license required to block streaming sites? Answer: To block streaming sites, we suggest you use App Patrol and Content Filtering. Application Patrol license and Web Filtering license are required. App Patrol: You can use App Patrol to block specific applications like BBC iPlayer. Create an application object…
What's the format of the external block list?
Question: What's the format of the external block list Answer: • Single IP 4.4.4.4 • CIDR 192.168.1.0/32 • IP range (1.2.3.4-1.2.3.100) If the external block list file contains any invalid entries, the Zyxel Device will not use the file.
Why Top 5 Applications and Top 5 Category on Security Dashboard were greyed out?
Question: Why Top 5 Applications and Top 5 Category on Security Dashboard were greyed out? Answer: Top 5 Applications display data when APP Patrol is used. Top 5 Categories display data when Content Filter is used.
Is it possible to bypass UTM feature by Domain name?
Symptom: Is it possible to bypass UTM feature by Domain name? Answer: Currently we only support "IP" as overall exception, You can only add the domain name allowed list to the content filter as well as DNS/URL threat filter.
How to enable a log for wan interface when the wan drops?
Question: How to enable a log for the WAN interface when the WAN drops? Answer: You can create a Policy Control rule to achieve this. For example: From: WAN, To: ZyWALL, Service: Any, Action: deny, Log Action: Log This rule will drop all incoming traffic from WAN to the firewall. To prevent this rule from affecting…
Client cannot access website through FLEX H sereis
Question: Client cannot access website through FLEX H sereis, It said DNS can't resovled, but the domain can be resolved through nslookup/dig Root cause: This is beacuse you used DNS over HTTPS, You would find queiry type65 in packets capture, such like ethertype IPv4 (0x0800), length 70: 192.168.121.33.47647 > 8.8.8.8.53:…
How to disable Sandbox on USG FLEX H?
Question: How to disable Sandbox on USG FLEX H? Answer: Go to Security Services > Sandbox, turn off the option "Enable Sandbox"
How to limit the use of an application (like Facebook) only to some devices on the network?
Question: How to limit the use of an application (like Facebook) only to some devices on the network? Answer: Create an APP patrol profile with allowing facebook. Please note taht the action is forward Apply the AAP patrol profile to a security policy You can specify source IP or user account as criteria
Priority of Security Policy and Application Patrol?
Application Patrol allows administrators to create profiles containing different applications that needs to be blocked. These application profiles are assigned to security policies in order to match traffic criteria. Both actions are in effect, however, the Security Policy action takes precedence over Application Patrol…
What Happens to Expired Secure WiFi Licenses?
When the USG FLEX H's Secure WiFi license expired: The number of managed APs will revert to the default of 8. All online APs will be disconnected and the first 8 that reconnect to the Firewall will become managed APs. Other APs show as disconnected in firewall but stay in managed mode with last provision retained. To know…

Welcome!

It looks like you're new here. Sign in or register to get started.