What is IKE and what has someone done in my USG40W?

[Deleted User] Posts: 51  Ally Member
edited October 2021 in Security
Since opening a NAT Port Forward I am keeping a close eye on logs lately and everything seems ok but for this entry I discovered a few minutes ago:




What does that mean and what has it done to my device?

There is nothing additional configured on the device, no VPN, no accounts, no VLAN, or anything else.

All Replies

  • mMontana
    mMontana Posts: 1,298  Guru Member
    IMVHO someone is trying to... connect via IPSec.
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    edited October 2021
    ...and succeeded, or not?
    Most other entries in my log show BLOCKED when conn is blocked. This does not.

    And here is another entry:


  • jasailafan
    jasailafan Posts: 189  Master Member
    edited October 2021
    It seems someone is trying to build a VPN to your device. Try to add a new security policy rule to block the suspect source IP or Geo IP.
    New Rule
    From: WAN
    To: ZyWALL
    Source: suspect source IP or Geo IP
    Service: any
    Action: deny

    If you're using IPsec VPN, you can also edit the default WAN_to_Device rule and allow authorized IP in "Source".
    Default WAN_to_ZyWALL rule
    From: WAN
    To: ZyWALL
    Source: authorized IP
    Service: Default_Allow_WAN_To_ZyWALL
    Action: allow
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Well, that is the thing, I have no VPN configured, nothing whatsoever.
