-
How to check the statistics of the App Patrol through the Web GUI and CLI?
Question: When users configure the App Patrol feature by applying it to firewall rules, they may want to monitor application statistics information. This article will guide users on how to check the statistics of the App Patrol through the Web GUI and CLI. Answer: Please navigate to the Web-GUI path: Monitor > Security…
-
Why can't I access the websites? It appears to be unexpectedly blocked by the firewall
Scenario: Why can't I access websites such as YouTube? When checking the returned certificate, you notice that the DNS name is dnsft.cloud.zyxel.com. The site appears to be unexpectedly blocked by the Zyxel firewall. Answer: There is a way to diagnose this problem. STEP1. Please use the CLI "nslookup www.youtube.com 8.8.8.8" to check if…
-
[FLEX/ATP] Why does the UTM feature on USG sometimes not work as expected?
Question: During working hours, we can sometimes access websites that are not allowed by the content filter profile. The content filter doesn’t seem to work. Moreover, Anti-virus also does not work at the same time. Why does the UTM feature on USG sometimes not work as expected? Answer: The device goes into…
-
Show System Protection Signature in Zyxel USG FLEX / ATP
What's System Protection: System protection signatures protect your Zyxel Device and local networks from web attacks, such as command injection, cross-site scripting and path traversal. Checking the signature: Using the GUI. Using the CLI.
-
How do I use IPS to block the download of a file that includes the EICAR string?
Scenario: The Zyxel firewall supports detecting EICAR-related strings with the IPS service. This article will guide you on how to deploy it. Answer: Please go to Security Services, enable the IPS feature, and make sure that the signature 'Eicar Test String' is activated. Try to download a file containing an EICAR string via…
-
How do I know which category a URL is classified as, using the CLI?
Enter the Test Command: Use the command "content-filter url-server test". Router(config)# content-filter url-server test This command puts you in the mode to test URLs with the external Web Content Filter. Test the URL: Input the URL you wish to classify. The system will then check the URL against the external Web Content…
-
What does the log “abnormal TCP flag attack detected” mean?
Question: What does the log “abnormal TCP flag attack detected” mean? Answer: A log of "Abnormal TCP flag attack detected" means the firewall detects a potentially malicious network traffic pattern involving TCP flags, and drops these packets. This issue occurs when the device receives packets with: (1) ALL TCP flags bit…
-
How to restrict VPN user by secure policy
Best practice: If you set the user field, the firewall will do the mapping between User→IP address. You don't need to specify a certain source address or pool in the "IPv4 Source" field if there is no additional requirement.
-
How to configure IPS to inspect traffic by policy?
Question: Currently, IPS has the button "Enable" only to activate or deactivate the IPS feature without profile setting. How to configure IPS to inspect traffic by policy? Answer: Use the command to switch security policy to policy style. Router# configure terminal Router(config)# secure-policy-style advance…
-
Why do I see DNS block when DNS filter is set to redirect?
Question: Why do the logs show a query was blocked when I set the action to redirect? Answer: Only Type 'A' DNS queries are allowed by the Zyxel firewall; other types are blocked automatically. In other words, when the firewall detects a Type 'A' DNS query, it follows the configured action, but if the query is of another type, it is blocked.
-
How to apply security service inspected by policy?
By default, this setting status is general, so you will find that some security services are applied to all traffic instead of being applied by policy. When security-policy-style is set to advance, you will find that there is an option "Inspect by policy". You can change the status with: Router(config)# secure-policy-style advance
-
How to clear the browser's DNS cache to prevent it from influencing the DNS content filter?
Question: How to clear the browser's DNS cache to prevent it from influencing the DNS content filter? Answer: To avoid the browser's cache, you can clear it using the following method. Google Chrome: Open a new tab. Type chrome://net-internals/#dns in the address bar and press Enter. Click the "Clear host cache" button to…
-
How to block a specific device by Device Insight?
Scenario: When an administrator wants to block a specific device due to its abnormal or violating behaviors in the network environment, how can this be achieved? Answer: If the administrator enabled the Device Insight feature on the firewall and can navigate to Monitor > Network Status > Device Insight > select the…
-
How to trigger the "Security Check for Web Interface" function?
Scenario: The USG Flex/ATP series firewall has a security mechanism that lets the user configure the Web-GUI / SSL VPN / 2FA / IPsec VPN client provisioning port from the Security Check for Web Interface page. How can this page be triggered? Answer: This page serves as a security notification to advise the user to modify the…
-
How to report false GEO-IP location?
If you find that an IP address is assigned to the wrong country/region in our Geo-IP feature, you can report it directly to our external vendor MaxMind, which is responsible for the GEO-IP signatures. Navigate to Configuration > Object > Address/Geo IP > Geo IP, and make sure the signature is the latest one. Input the…
-
What is the difference between deny and reject in Security Policy?
Question: When configuring Security Policy, you will see the actions "Deny" and "Reject". What is the difference in behavior between Deny and Reject? Answer: Both deny and reject are intended to block traffic; the difference is whether the traffic is blocked with a response message or not. If the Firewall…
-
How to check client's traffic logs by Application on SecuReporter?
Question: The administrator would like to check which IP address uses YouTube or Facebook the most. How to check client's traffic logs by Application on SecuReporter? Answer: On SecuReporter, go to Analysis > Traffic. In Traffic Detail, click "by Application". Select the application name. Note: To check the details usage…
-
Guide to Configuring OpenDNS on Your Zyxel Firewall
OpenDNS has three advantages over ordinary DNS. OpenDNS can identify and block phishing websites. OpenDNS is faster than ordinary DNS. OpenDNS can automatically correct spelling errors: if you accidentally type a URL with a typo, OpenDNS can also direct you to the correct website. This concise guide will walk you through…
-
Tuning performance of SSL Inspection
Symptom: When you turn on the feature, the response speed is very slow when you access a website for the first time, especially when the website has multiple links at the same time. Workaround: 1) Install 5.37 wk30 and perform the following command: Router# debug content-filter cache activate Router# debug content-filter cache…
-
Why is there a "Match default rule, DROP" message in the Monitor Log? What does it mean?
Background and Scenario: When we navigate through the Monitor Log, we might find the log message "Match default rule, DROP." How is this log message generated? Answer: The log message is generated by our default security policy. Its purpose is to drop unknown packets by our firewall in order to enhance your network…