USG 110 - How to create an IP Blacklist?
Just experiencing a lot of USG Alert Logs containing "abnormal TCP traffic detected", which often originate from the same external internet IP addresses.
No. Date/Time Source Destination
Priority Category Note
Message
1 2022-01-31 02:27:34 119.1.169.252:48336 ***.***.***.***
alert secure-policy ACCESS BLOCK
abnormal tcp traffic detected, destination port is zero, DROP
USG is working fine and drops these attempts. But we are annoyed by the permanent alert log warnings. We don't want to switch off these "abnormal TCP traffic warnings", but would like to maintain an IP blacklist to let USG directly drop any traffic attempt from these external IPs.
Unfortunately I always have to create a new "service" containing the IP address followed by adding this service to a service group "blacklist" which is addressed in Security Policy for dropping.
Is there a better way to maintain an IP blacklist, preferably adding these non-consecutive IPs to a simple list?
All Replies
Hi @USG_User,
Currently, your way of handling this looks like the only way. It's a mix between still getting informed about such logs (or disabling the default log level here) or manual maintenance of the blacklisted group.
As long as this is coming to the Firewall Module and not to some UTM module, I don't see adjustment possibilities here.
Please post it into the Idea Section in case you may want to add this into some UTM features as Auto-detection in the future.
https://community.zyxel.com/en/categories/security-ideas
Thanks.
Tobias
Thanks Tobias, already assumed that there is no simpler solution available.
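Since the blacklist group has to be maintained by hand, it helps to know which sources actually repeat before creating an object for each one. The following is an added example, not part of the thread and not Zyxel code: it tallies "abnormal tcp traffic detected" alerts per source IP from a log export, assuming the export uses the three-line record layout shown in the first post; the names `blacklist_candidates`, `min_hits` and `PROTECTED` are hypothetical, and the sample records are constructed.

```python
import ipaddress
import re
from collections import Counter

# Head line of a record as shown in the post: "<no> <date> <time> <src>:<port> <dst>"
HEAD = re.compile(r"^\d+\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+(\S+):\d+\s+\S+$")
MARKER = "abnormal tcp traffic detected"
# Assumption: sources inside these ranges are internal and must never be listed.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def blacklist_candidates(log_text, min_hits=3):
    """Return [(ip, hits)] for external sources with >= min_hits matching alerts."""
    hits = Counter()
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = HEAD.match(line)
        if not m:
            continue  # column headers, category lines, message lines
        # The category and message follow the head line within the next two lines.
        if MARKER not in " ".join(lines[i + 1:i + 3]).lower():
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # masked or malformed source field
        if any(ip in net for net in PROTECTED):
            continue  # never propose an internal address for the drop rule
        hits[str(ip)] += 1
    return sorted(((ip, n) for ip, n in hits.items() if n >= min_hits),
                  key=lambda t: (-t[1], t[0]))


def sample_record(no, when, src):
    """Constructed record in the three-line layout shown in the post."""
    return (f"{no} {when} {src} ***.***.***.***\n"
            "alert secure-policy ACCESS BLOCK\n"
            "abnormal tcp traffic detected, destination port is zero, DROP\n")


SAMPLE = "".join(sample_record(i, f"2022-01-31 02:{27 + i}:34", src) for i, src in enumerate(
    ["119.1.169.252:48336", "119.1.169.252:48400", "203.0.113.7:51000",
     "119.1.169.252:49001", "192.168.1.10:40000"], start=1))

if __name__ == "__main__":
    for ip, n in blacklist_candidates(SAMPLE):
        print(f"{ip}\t{n} alerts")
```

Raising `min_hits` keeps one-off scanners out of the manually maintained group, so only sources that keep coming back cost an object and a group entry.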