Security Ideas - Zyxel Community

Emergency codes for 2FA
Good day! Today, the failure of ViaNett for the SMS showed the vulnerability of the 2FA solution from Zyxel. IT is absolutely mandatory to have emergency codes at least for the administrator login. As implemented in the Nebula portal Zyxel should know the system of emergency codes. When can we expect to have a working 2FA…
Displayed log including mac address, timestamp and websites in a log file.
This discussion was created from comments split from:Log web history Description: To display users login websites log, including user MAC address, websites & timestamp.
ADP SYN, ACK flood from SYN
Theirs is no way to tell if a SYN is valid or not but lets say its not your server sends a SYN,ACK waits a bit if no replay sends another waits again till a RST is sent its a low DDoS bandwidth attack that can add up so what if the USG allow the first SYN,ACK but drops the others.
Display wireless related log on SecuReporter
This discussion was created from comments split from: suggestion new SecuReporter integration Description: Displayed AP Controller related log on SecuReporter
Hit count - security policy
Hello! Maybe it is possible to add a "hit count" to the security policy rules, to see the activity of a specific rule. BR, MJR
Optimize the email log report
This discussion was created from comments split from: is-it-possible-to-change-the-format-of-e-mailed-reports Description: Optimize the email log report.Considering to attach the log as a file in the mail attachment to avoid any kind of mail layout problem.
PCI Compliant
This discussion was created from comments split from: pci-compliant Description: To compatible with the PCI compliance, the SSL certificate validity need to re-authenticated more frequently.
Show IPSec VPN logged in user with certificate on IPSec VPN Monitor
This discussion was created from comments split from: USG310 - IPSEC Client & Certificate & Who is logged in Description: Currently we support related connection of IPSec VPN information on IPSec VPN Monitor, but do not support which user logged in IPSec VPN tunnel with certificate.
NAT to do ports to port
When making a NAT rule you select for port mapping type ports to port where you can set external start port e.g. 49142 and external end port e.g. 65535 to internal port e.g. 80
Add description field next to the IP address in the white and blacklist of IP Reputation on ATP
This discussion was created from comments split from: IP Reputation Whitelist not working Description: It would be great if there would be a comment field right beside the IP address in the white and blacklist of IP Reputation on ATP so that the user can add an info to the IP address. Click like if you think the feature is…
Zywall management pack for System Center Operation Manager (SCOM) 2016+
Hi all. This is not question, this more solution. In our organization we use SCOM for monitoring servers and some other equipment. I wrote custom mp for monitoring our differents ZWs. It collects memory & processor perfomance, creates alert if processor, memory or flash used high, if ZW has unconnected vpn tunnels and if…
Consumer grade NBG6615 firmware V1.00(ABMV.2)C0 Unable to change System Name and Domain
This is a really basic device, but, I just set this up for one of my clients whose office has all enterprise grade equipment, but they just need something super basic at home. During the setup I found that the page where you change the system name and domain name is shared with the password change page, and it prompts for…
FW-Upgrade standard behaviour: -> "Ignore errors and finish applying the configuration file"
In case of a failure during a FW-update (i.e. from v.4.33 to v4.35) the USG falls back to default config and will be in an unconfigured condition. There is no simple possibility to do further remote administration. IDEA: Please add a choice - before the FW-upgrade starts - like when applying a configuration file: If…
geographic areas in GEOGRAPHY IP OBJECTS
Can we get geographic areas grouped like here: I want to block most of the countries to access my Zyxell and it will be great improvement to do it fast. I think many users will use this feature.
How to block domains less than x days old?
This discussion was created from comments split from: How to block domains less than x days old? Background: an article on The Register suggesting to block domains less than 30 days old because they are most likely to carry malicious code. Click like if you think the feature is useful and beneficial.? Ref:…
User-/Admin-Interface on different Ports
Hi ZyWAL Community, i'm missing the feature at ZYXEL, that e.g. Port 443 is ONLY the User portal Port 1234 (example) the Admin Interface This also means that with a default USG config, the user reaches at max the user portal from the WAN, but not the admin interface. From my point of view this is a plus in security.
DynDNS
This discussion was created from comments split from: DynDNS Description: Enhancement for No-IP primary binding address can support auto option.
Improve device outgoing connection.
This is for went the USG/ZyWALL connects outgoing for such Service like registration, activation of services and SecuReporter. The USG/ZyWALL will send a TCP SYN packet out every interface with a gateway first interface to get a SYN, ACK will send traffic out that interface.
Automate loading exceptions for Office 365 using Office 365 endpoints XML
This discussion was created from comments split from: Automate loading exceptions for Office 365 using Office 365 endpoints XML Description: USG can create an “office 365 Address” object, the object might be include all 365 IP, or base on region(China, Germany, worldwide). It can sync up automatically to get the…
SecuManager on a cloud
Any plans to implement SecuManager on a cloud as second option?

Welcome!

It looks like you're new here. Sign in or register to get started.