What is IKE and what has someone done in my USG40W?

[Deleted User] Posts: 51  Ally Member
edited October 2021 in Security
Since opening a NAT Port Forward I am keeping a close eye on logs lately and everything seems ok but for this entry I discovered a few minutes ago:




What does that mean and what has it done to my device?

There is nothing additional configured on the device, no VPN, no accounts, no vlan, or anything else

All Replies

  • mMontana
    mMontana Posts: 1,380  Guru Member
    IMVHO someone is trying to... connect via IPSec.
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    edited October 2021
    ...and succeeded, or not?
    Most other entries in my log show BLOCKED when conn is blocked. This does not.

    And here is another entry:


  • jasailafan
    jasailafan Posts: 193  Master Member
    edited October 2021
    It seems someone is trying to build a VPN to your device. Try to add a new security policy rule to block the suspect source IP or Geo IP.
    New Rule
    From: WAN
    To: ZyWALL
    Source: suspect source IP or Geo IP
    Service: any
    Action: deny

    If you're using IPsec VPN, you can also edit the default WAN_to_Device rule and allow authorized IP in "Source".
    Default WAN_to_ZyWALL rule
    From: WAN
    To: ZyWALL
    Source: authorized IP
    Service: Default_Allow_WAN_To_ZyWALL
    Action: allow
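
A minimal model of the two rule changes suggested in the answer above, added here as an example; it is not part of the original thread and not Zyxel's code. It assumes first-match, top-down policy evaluation with an implicit final deny, assumes the Default_Allow_WAN_To_ZyWALL group includes IKE (UDP 500) and NAT-T (UDP 4500), and uses constructed documentation-range addresses and a hypothetical rule name `Block_suspect`.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Set, Tuple

# Assumed subset of the Default_Allow_WAN_To_ZyWALL service group: IKE, NAT-T, HTTPS.
DEFAULT_ALLOW_WAN_TO_ZYWALL = {("udp", 500), ("udp", 4500), ("tcp", 443)}

@dataclass
class Rule:
    name: str
    source: str                                  # CIDR or "any"
    services: Optional[Set[Tuple[str, int]]]     # None means "any"
    action: str                                  # "allow" or "deny"

def evaluate(rules, src_ip, proto, port):
    """Return (rule name, action) for a WAN -> ZyWALL packet; first match wins."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        src_ok = r.source == "any" or ip in ipaddress.ip_network(r.source)
        svc_ok = r.services is None or (proto, port) in r.services
        if src_ok and svc_ok:
            return r.name, r.action
    return "Default", "deny"                     # assumed implicit final deny

# Constructed addresses (RFC 5737 documentation ranges).
SUSPECT, OTHER, AUTHORIZED = "203.0.113.50", "192.0.2.77", "198.51.100.10"

# Stock policy: the device answers IKE from any WAN source, VPN configured or not.
STOCK = [Rule("WAN_to_ZyWALL", "any", DEFAULT_ALLOW_WAN_TO_ZYWALL, "allow")]
# Suggestion 1: a deny rule for the suspect source, placed above the default rule.
BLOCK_SOURCE = [Rule("Block_suspect", SUSPECT + "/32", None, "deny")] + STOCK
# Suggestion 2: the default rule's Source narrowed to an authorized address.
RESTRICT_SOURCE = [Rule("WAN_to_ZyWALL", AUTHORIZED + "/32",
                        DEFAULT_ALLOW_WAN_TO_ZYWALL, "allow")]

def ike_verdicts(rules):
    """Action applied to an IKE packet (UDP 500) from each sample source."""
    return {ip: evaluate(rules, ip, "udp", 500)[1]
            for ip in (SUSPECT, OTHER, AUTHORIZED)}

if __name__ == "__main__":
    for label, rules in (("stock", STOCK), ("block one source", BLOCK_SOURCE),
                         ("restrict allowed source", RESTRICT_SOURCE)):
        print(f"{label:24} {ike_verdicts(rules)}")
```

Under these assumptions, blocking a single source leaves IKE reachable from every other address, while restricting the source on the allow rule leaves only the authorized address able to reach it.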
  • [Deleted User]
    [Deleted User] Posts: 51  Ally Member
    Well, that is the thing, I have no VPN configured, nothing whatsoever.
