-
How do I add the MD5 hash value to the allow list of the Anti-Malware?
Question: The user may need to add an MD5 hash value to the Anti-Malware allow list in specific situations, such as a false positive detection (as shown below). How is this done? Answer: Please navigate to Security Service > Anti-Malware > Block/Allow List to add an MD5 hash value with 32 characters.
-
How to block an application that is not listed in App Patrol
Question: How do I block an application that is not listed in App Patrol? Answer: Those apps might have been developed locally and are not available worldwide, so App Patrol does not include them. You can try blocking them using custom URLs or FQDN objects in the content filter. Note: You can ask the developer for the IP…
-
Why did EICAR test fail to block successfully?
Question: Why did the EICAR test fail to block successfully? I have checked that everything is enabled. Answer: The EICAR test relies on a specific string. Please check the file you tested have
-
How to disable IDP system protect?
Question: I want to disable IDP system protect. How can I do it? Answer: IDP system protect is enabled by default, and the web GUI does not have an option to disable it. Please disable it with the CLI: Router# configure terminal Router(config)# idp system-protect deactivate Router(config)# write Router(config)# show ip system-protect…
-
Why am I asked to apply the content filter profile to ZyWall when applying it to LAN_outgoing?
Scenario: When I apply a content filter profile to the LAN_outgoing rule, a message pops up and requests applying it to Zywall as well. What does it mean? Answer: It is a reminder note rather than a warning or error. For a DNS content filter profile, you need to apply it to two security policies to make it work, that is,…
-
Why do I get blocked by a Zyxel certificate when accessing a website?
Scenario: When accessing websites, I encounter difficulties connecting, and the browser shows that the certificate is untrusted. Answer: dnsft.cloud.zyxel.com is our blocked page for the DNS content filter, and the certificate is a content filter certificate that will replace the original cert when accessing a website…
-
How can I troubleshoot if a UTM feature does not work as expected?
Please verify the status of UTM activation using the CLI: 1) Show the UTM service status: Router(config)# show security-service status 2) If the activation is "no", the feature won't work. Please run the following CLI command to enable it: Router(config)# security-service {UTM Name} activate For example: Router(config)#…
-
How to switch security policy style from advance to general?
If you need to switch the security policy style, follow these steps: Remove all UTM profiles except Content Filter and App Patrol from security policy rules. Make sure to de-apply the Email Security and Anti-Malware profiles in security policy rules. Verify the status using the command: Router(config)# show security-service…
-
How to check the statistics of the App Patrol through the Web GUI and CLI?
Question : When users configure the App Patrol feature by applying it to firewall rules, they may want to monitor application statistics information. This article will guide users on how to check the statistics of the App Patrol through the Web GUI and CLI. Answer : Please navigate to the Web-GUI path: Monitor > Security…
-
Why can't I access the websites? It appears to be unexpectedly blocked by the firewall
Scenario: Why can't I access websites such as YouTube? When checking the returned certificate, I notice the DNS name is dnsft.cloud.zyxel.com. It appears to be unexpectedly blocked by the Zyxel firewall. Answer: There is a way to diagnose this problem. STEP1. Please use the CLI "nslookup www.youtube.com 8.8.8.8" to check if…
-
[FLEX/ATP] Why does the UTM feature on USG sometimes not work as expected?
Question: During working hours, sometimes we can access web sites which are not allowed based on the content filter profile. The content filter doesn't seem to work. Moreover, Anti-virus also does not work at the same time. Why does the UTM feature on USG sometimes not work as expected? Answer: The device goes into…
-
Show System Protection Signature in Zyxel USG FLEX / ATP
What's System Protection: System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal. Checking the signature: Using the GUI; Using the CLI
-
How do I use IPS to block the download of a file that includes the EICAR string?
Scenario: The Zyxel firewall supports detecting EICAR-related strings with the IPS service. This article will guide you on how to deploy it. Answer: Please go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated. Try to download a file containing an EICAR string via…
-
How do I find out which category a URL is classified under by CLI?
Enter the Test Command: Use the command "content-filter url-server test". Router(config)# content-filter url-server test This command puts you in the mode to test URLs with the external Web Content Filter. Test the URL: Input the URL you wish to classify. The system will then check the URL against the external Web Content…
-
What does the log “abnormal TCP flag attack detected” mean?
Question: What does the log “abnormal TCP flag attack detected” mean? Answer: A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets. This issue occurs when the device receives packets with: (1) ALL TCP flags bit…
-
How to restrict VPN user by secure policy
Best practice: If you set the user field, the firewall will do the mapping between User→IP address. You don't need to specify a source address or pool in the "IPv4 Source" field if there is no additional requirement.
-
How to configure IPS to inspect traffic by policy?
Question: Currently, IPS has only the "Enable" button to activate or deactivate the IPS feature, without a profile setting. How to configure IPS to inspect traffic by policy? Answer: Use the command to switch the security policy to policy style. Router# configure terminal Router(config)# secure-policy-style advance…
-
Why do I see DNS block when the DNS filter is set to redirect?
Question: Why do the logs show a block when I set the action to redirect? Answer: Only Type 'A' DNS queries are allowed by the Zyxel firewall; other types are blocked automatically. In other words, when it detects a Type 'A' DNS query, the firewall follows the configured action, but if the query is another type, it is blocked.
-
How to apply security service inspected by policy?
By default, this setting's status is general, so you will find that some security services are applied to all traffic instead of being applied by policy. When secure-policy-style is set to advance, you will find that there is an option "Inspect by policy". You can change the status with: Router(config)# secure-policy-style advance
-
How to clear the browser's DNS cache to prevent it from influencing the DNS content filter?
Question: How to clear the browser's DNS cache to prevent it from influencing the DNS content filter? Answer: To avoid the browser's cache, you can clear it using the following method. Google Chrome: Open a new tab. Type chrome://net-internals/#dns in the address bar and press Enter. Click the "Clear host cache" button to…