-
Show System Protection Signature in Zyxel USG FLEX / ATP
What's System Protection: System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal. Checking the signature: using the GUI or using the CLI.
-
How do I use IPS to block the download of a file that includes the EICAR string?
Scenario: The Zyxel firewall supports detecting EICAR-related strings with the IPS service; this article guides you through deploying it. Answer: Go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated. Try to download a file containing an EICAR string via…
-
How do I know which category a URL is classified in by CLI?
Enter the test command: use the command "content-filter url-server test". Router(config)# content-filter url-server test This command puts you in the mode to test URLs against the external Web Content Filter. Test the URL: input the URL you wish to classify. The system will then check the URL against the external Web Content…
-
What does the log “abnormal TCP flag attack detected” mean?
Question: What does the log “abnormal TCP flag attack detected” mean? Answer: A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets. This issue occurs when the device receives packets with: (1) ALL TCP flags bit…
-
How to restrict VPN user by secure policy
Best practice: If you set the User field, the firewall will map User→IP address. You don't need to specify a particular source address or pool in the "IPv4 Source" field unless there is an additional requirement.
-
How to configure IPS to inspect traffic by policy?
Question: Currently, IPS has only an "Enable" button to activate or deactivate the IPS feature, without a profile setting. How to configure IPS to inspect traffic by policy? Answer: Use the following command to switch the security policy to policy style. Router# configure terminal Router(config)# secure-policy-style advance…
-
Why do I see DNS block when DNS filter is set to redirect?
Question: Why, when I set the action to redirect, do the logs show it was blocked? Answer: Only Type 'A' DNS queries are allowed by the Zyxel firewall; other types are blocked automatically. In other words, when the firewall detects a Type 'A' DNS query it follows the configured action, but any other query type is blocked.
-
How to apply security service inspected by policy?
By default, this setting is "general", so you will find that security services are applied to all traffic instead of by policy. When secure-policy-style is set to advance, you will find the option "Inspect by policy". You can change the status with Router(config)# secure-policy-style advance
-
How to clear the browser's DNS cache to prevent it from influencing the DNS content filter?
Question: How to clear the browser's DNS cache to prevent it from influencing the DNS content filter? Answer: To keep the browser's cache from influencing the result, clear it using the following method. Google Chrome: Open a new tab. Type chrome://net-internals/#dns in the address bar and press Enter. Click the "Clear host cache" button to…
-
How to block a specific device by Device Insight?
Scenario: When an administrator wants to block a specific device due to its abnormal or violating behavior in the network environment, how can this be achieved? Answer: If the administrator has enabled the Device Insight feature on the firewall, navigate to Monitor > Network Status > Device Insight > select the…
-
How to trigger the "Security Check for Web Interface" function?
Scenario: The USG FLEX/ATP series firewall has a security mechanism that lets the user configure the Web-GUI / SSL VPN / 2FA / IPsec VPN client provisioning port from the Security Check for Web Interface page. How to trigger this page? Answer: This page serves as a security notification to advise the user to modify the…
-
How to report false GEO-IP location?
Once you recognize that an IP address is resolved to the wrong country/region by our Geo-IP feature, you can report it directly to our external vendor MaxMind, which is responsible for the Geo-IP signatures. Navigate to Configuration > Object > Address/Geo IP > Geo IP, and make sure the signature is the latest one. Input the…
-
What is the difference between deny and reject in Security Policy?
Question: When configuring Security Policy, you will see the actions "Deny" and "Reject". What is the difference in behavior between Deny and Reject? Answer: Both Deny and Reject are intended to block traffic; the difference is whether the traffic is blocked with a response message or not. If the Firewall…
-
How to check client's traffic logs by Application on SecuReporter?
Question: The administrator would like to check which IP address uses YouTube or Facebook the most. How to check client's traffic logs by Application on SecuReporter? Answer: On SecuReporter, go to Analysis > Traffic. In Traffic Detail, click "by Application". Select the application name. Note: To check the details usage…
-
Guide to Configuring OpenDNS on Your Zyxel Firewall
OpenDNS has three advantages over ordinary DNS: it can identify and block phishing websites; it is faster than ordinary DNS; and it can automatically correct spelling errors, so if you accidentally type a URL with a typo, OpenDNS can direct you to the correct website. This concise guide will walk you through…
-
Tuning performance of SSL Inspection
Symptom: When you turn on the feature, the response is very slow when you access a website for the first time, especially when the website loads multiple links at the same time. Workaround: 1) Install 5.37 wk30 and run the following commands: Router# debug content-filter cache activate Router# debug content-filter cache…
-
Why is there a "Match default rule, DROP" message in the Monitor Log? What does it mean?
Background and Scenario: When we navigate through the Monitor Log, we might find the log message "Match default rule, DROP." How is this log message generated? Answer: The log message is generated by our default security policy. Its purpose is to drop unknown packets at the firewall in order to enhance your network…
-
An easier way to input a large list of blocked IPs
If you want to block a large list of addresses from accessing your firewall but don't want to create the address objects one by one, you can do it by directly editing the configuration. Solution: a. Download the startup-config.conf and open the .conf file with a text editor b. Find the configuration of address-object and…
-
How to configure ADP block IP time period?
Background and Scenario: Is it possible to limit the attempts from a certain IP to a port forward on the USG FLEX series? For example, someone sends a DoS to an opened port; if they try 5 times in a short amount of time, they are blocked for 1 hour. Answer: You could configure the block period to 3600 seconds on the…
-
How to solve the issue that GEO-IP blocks an internal LAN IP that belongs to a certain Geo Region IP range?
The administrator wants to block web GUI access from Venezuela, so the following security policy is created. However, GEO-IP blocks internal LAN IPs because the LAN subnet has the same IP range as a certain Geo Region IP. How to solve this issue if it is impossible to change the LAN IP address? Suppose you'd like to block…