Security Service - Zyxel Community

Why is the Content Filter not working and unable to block certain websites?
Question : Why is the Content Filter not working and unable to block certain websites? Answer : Because the website may rely on DNS over HTTPS/TLS packets, the user needs to select the "drop" action for the "Action When Detecting DNS over HTTPS/TLS Packets" option in the DNS Threat Filter function.
Allowing Specific Hosts to Access Blocked Applications Using Application Patrol
Overview This guide explains how to configure Application Patrol on a Zyxel firewall (such as ATP 500) to block applications for all network users while allowing access for specific IP addresses. Scenario You want to restrict access to certain application categories (such as YouTube) for all users on your network except…
Why am I seeing "hash query internal error: network(curl) error!"?
Question: Why am I seeing "hash query internal error: network(curl) error!"? Answer: Please check this domain can be resovled "nslookup api.defense-center.cloud.zyxel.com" also responed time when you saw logs. If the result is good and the response speed is well. Please contact us for further checking.
What is the meaning of the Threshold of Flood Detection in ADP?
Question : What is the meaning of the Threshold of Flood Detection in ADP? Answer : Threshold means the number of packets per second that match the flood detection criteria. For instance, if over 1000 ICMP packets are sent from an IP address per second, the IP will be blocked by the ICMP Flood protection of DoS Prevention…
How to Configure DNS Content Filter (On-Premises)
Background With increased browser support, users are encouraged to switch to TLS 1.3 due to its enhanced security features. However, websites using TLS 1.3 may not be categorized by URL content filtering without enabling SSL inspection. To address this limitation, DNS query-based categorization can be used as an…
Destination Address have been blocked due to flooding detection
Question: My server which exposed internet have been blocked from Firewall due to flooding detection Answer: The flooding detection will block destination IP.
How to block a specific device using the Device Insight block list?
Scenario : The user may want to block a specific device, and this article will guide you on how to use the Device Insight block list to achieve this purpose. Answer : Navigate to Configuration > Object >Device Insight > Enable this feature. Navigate to Monitor > Network Status > Device Insight > Select the device that you…
How to check historically suspicious IP addresses using the Country Map in Secureporter?
Question: The firewall may detect some security-related event logs, and users may want to check historically suspicious source IPs using the Country Map feature in Secureporter. This article will guide you on how to do that. Answer : Step 1: Please ensure the on-premise firewall is already connected to SecuReporter. Step…
Why are some URLs blocked even after adding them to the whitelist?
Scenario: I have setup some of DNS Content Filter categories as block rule first, and then I add multiple URL into "Allow List", but the website still blocked by DNS Content Filter rule. Answer: This issue might be occurring because the DNS content filter works by using DNS cache. When you add URLs to the "Allow List",…
How can I check SSL Inspection traffic statistics via the GUIon USG Flex and ATP models?
Question : How can I check SSL Inspection traffic statistics via the GUI on USG Flex and ATP models? Answer : Please navigate Monitor > Security Statistics > SSL Inspection to check it.
How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models?
Question : How can I check SSL Inspection traffic statistics via the CLI on USG Flex and ATP models? Answer : Please issue the CLI command "show ssl-inspection statistics collect" to check it.
How do I find the MD5 hash value from the log message?
Scenario : The user may want to find the MD5 hash value for a specific file from the log message. How can they find this? Answer : The MD5 hash value is composed of 32 digits with letters and numbers. The user can easily find it in the log message. As shown in below :
How do I add the MD5 hash value to the allow list of the Anti-Malware?
Question : The user may need to add the MD5 hash value to the allow list of the Anti-Malware in specific situations such as false positive detection (as shown below). How to execute it? Answer : Please navigate to Security Service > Anti-Malware > Block/Allow List > To add an MD5 Hash value with 32 characters. The related…
How to block the Application which is not listed in App partol
Question: How to block the Application which is not listed in App partol? Answer: Those apps might have been developed locally and are not available worldwide, so App Patrol does not include them. You can try blocking them using custom URLs or FQDN objects in the content filter. Note: You can ask the developer for the IP…
Why did EICAR test fail to block successfully?
Question: Why did EICAR test fail to block successfully? I have checked everything is enabled. Answer: The EICAR testing following the specific string. Please check the file you tested have
How to disable IDP system protect?
Question: I want to disable IDP system protect, how can I do it? Answer: IDP system protect is enable by default, and web GUI does not have the option to disable. Please disable it with CLI Router#configure terminal Router(config)# idp system-protect deactivate Router(config)# write Router(config)# show idp system-protect…
Why request applying the content filter profile to ZyWall when applying to LAN_outgoing?
Scenario: When I apply a content filter profile to LAN_outgoing rule, a message pops out and requests applying it to Zywall as well. What does it mean? Answer: It's more like a reminder note instead of a warning error. For DNS content filter profile, you need to apply it to two security policies to make it work, that is,…
Why I get blocked by Zyxel Certificate when accessing website?
Scenario: When accessing websites, I encnounter difficulties for connecting to websites, and it shows the certificate is untrusted. Answer: dnsft.cloud.zyxel.com is our blocked page for the DNS content filter, and the certificate is a content filter certificate that will replace the original cert when accessing a website…
How can I troubleshoot if UTM feature not work as expected
Please verity the status of UTM activation using CLI: 1)Show the UTM service status Router(config)# show security-service status 2)if the activation is no which means the the feature won't work, Please perform following CLI to enable. Router(config)# security-service {UTM Name} activate For example: Router(config)#…
How to switch security policy style from advance to general?
If you need to switch the security policy style, follow these steps: Remove all UTM profiles except Content Filter and App Patrol from security policy rules. Ensure to de-apply the Email Security and Anti-Malware profiles in security policy rules. Verify the status using the command. Router(config)# show security-service…

Welcome!

It looks like you're new here. Sign in or register to get started.