SSL VPN vulnerability of June 24th, 2021
Options
All Replies
-
Denying WAN to Zywall source = All should stop any of the attacks right? no need to really change any ports? it looks like all services are tied to the WAN object by defaultChipConnJohn said:For my part, I haven’t been able to make sense of the vulnerability given what Zyxel is telling us. I have locked down WAN->Device allowing only IPs I specify to access. It hasn’t been too bad. I sent an email last week apologizing and directing users to a site that gives their wan ip and they email or text it to me and I add it to the device.
For the current models that support FQDN - I'm having my users create DDNS (lots of free ones out there), and they can manually update that FQDN if their ISP changes. Then on our end trust the FQDN. Optionally, if you pay for those DDNS services, add all of those FQDN as trust and you can update those when users change IPs, this way, won't have to keep adding more rules to the security policy.0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 76 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 204 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight
