-
Destination address has been blocked due to flooding detection
Question: My server, which is exposed to the internet, has been blocked by the firewall due to flooding detection. Answer: Flooding detection will block the destination IP.
-
How to block a specific device using the Device Insight block list?
Scenario: The user may want to block a specific device, and this article will guide you on how to use the Device Insight block list to achieve this purpose. Answer: Navigate to Configuration > Object > Device Insight > Enable this feature. Navigate to Monitor > Network Status > Device Insight > Select the device that you…
-
How to check historically suspicious IP addresses using the Country Map in SecuReporter?
Question: The firewall may detect some security-related event logs, and users may want to check historically suspicious source IPs using the Country Map feature in SecuReporter. This article will guide you on how to do that. Answer: Step 1: Please ensure the on-premise firewall is already connected to SecuReporter. Step…
-
Why are some URLs blocked even after adding them to the whitelist?
Scenario: I have set up some DNS Content Filter categories as block rules first, and then I added multiple URLs to the "Allow List", but the website is still blocked by the DNS Content Filter rule. Answer: This issue might be occurring because the DNS content filter works by using DNS cache. When you add URLs to the "Allow List",…
-
How can I check SSL Inspection traffic statistics via the GUI on USG Flex and ATP models?
Question: How can I check SSL Inspection traffic statistics via the GUI on USG Flex and ATP models? Answer: Please navigate to Monitor > Security Statistics > SSL Inspection to check it.
-
How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models?
Question : How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models? Answer : Please issue the CLI command "show ssl-inspection statistics collect" to check it.
-
How do I find the MD5 hash value from the log message?
Scenario: The user may want to find the MD5 hash value for a specific file from the log message. How can they find this? Answer: The MD5 hash value is composed of 32 digits with letters and numbers. The user can easily find it in the log message. As shown below:
-
How do I add the MD5 hash value to the allow list of the Anti-Malware?
Question: The user may need to add the MD5 hash value to the allow list of the Anti-Malware in specific situations such as false positive detection (as shown below). How to execute it? Answer: Please navigate to Security Service > Anti-Malware > Block/Allow List to add an MD5 hash value with 32 characters. The related…
-
How to block an application that is not listed in App Patrol
Question: How to block an application that is not listed in App Patrol? Answer: Those apps might have been developed locally and are not available worldwide, so App Patrol does not include them. You can try blocking them using custom URLs or FQDN objects in the content filter. Note: You can ask the developer for the IP…
-
Why did EICAR test fail to block successfully?
Question: Why did EICAR test fail to block successfully? I have checked everything is enabled. Answer: The EICAR test follows a specific string. Please check the file you tested have
-
How to disable IDP system protect?
Question: I want to disable IDP system protect, how can I do it? Answer: IDP system protect is enabled by default, and the web GUI does not have an option to disable it. Please disable it with the CLI: Router# configure terminal Router(config)# idp system-protect deactivate Router(config)# write Router(config)# show ip system-protect…
-
Why am I asked to apply the content filter profile to ZyWall when applying it to LAN_outgoing?
Scenario: When I apply a content filter profile to the LAN_outgoing rule, a message pops up and asks me to apply it to ZyWall as well. What does it mean? Answer: It's more of a reminder note than a warning or error. For a DNS content filter profile, you need to apply it to two security policies to make it work, that is,…
-
Why do I get blocked by a Zyxel certificate when accessing a website?
Scenario: When accessing websites, I encounter difficulties connecting to them, and it shows the certificate is untrusted. Answer: dnsft.cloud.zyxel.com is our block page for the DNS content filter, and the certificate is a content filter certificate that will replace the original cert when accessing a website…
-
How can I troubleshoot if a UTM feature does not work as expected?
Please verify the status of UTM activation using the CLI: 1) Show the UTM service status: Router(config)# show security-service status 2) If the activation is "no", the feature won't work. Please use the following CLI command to enable it: Router(config)# security-service {UTM Name} activate For example: Router(config)#…
-
How to switch security policy style from advance to general?
If you need to switch the security policy style, follow these steps: Remove all UTM profiles except Content Filter and App Patrol from security policy rules. Make sure to de-apply the Email Security and Anti-Malware profiles in security policy rules. Verify the status using the command: Router(config)# show security-service…
-
How to check the statistics of the App Patrol through the Web GUI and CLI?
Question : When users configure the App Patrol feature by applying it to firewall rules, they may want to monitor application statistics information. This article will guide users on how to check the statistics of the App Patrol through the Web GUI and CLI. Answer : Please navigate to the Web-GUI path: Monitor > Security…
-
Why can't I access the websites? It appears to be unexpectedly blocked by the firewall
Scenario: Why can't I access websites such as YouTube? When checking the returned certificate, I notice the DNS name is dnsft.cloud.zyxel.com. It appears to be unexpectedly blocked by the Zyxel firewall. Answer: There is a way to diagnose this problem. STEP1. Please use the CLI "nslookup www.youtube.com 8.8.8.8" to check if…
-
[FLEX/ATP] Why does the UTM feature on USG sometimes not work as expected?
Question: During working hours, sometimes we can access websites that are not allowed based on the content filter profile. The content filter doesn't seem to work. Moreover, Anti-virus also does not work at the same time. Why does the UTM feature on USG sometimes not work as expected? Answer: The device goes into…
-
Show System Protection Signature in Zyxel USG FLEX / ATP
What's System Protection: System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal. Checking the signature: Using the GUI Using the CLI
-
How do I use IPS to block the download of a file that includes the EICAR string?
Scenario: The Zyxel firewall supports detecting EICAR-related strings with the IPS service. This article will guide you on how to deploy it. Answer: Please go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated. Try to download a file containing an EICAR string via…