Question about a security log entry
What is going on here?
btw, I have a GEO fencing rule WAN to Zywall for Asia.
But doesn't seem that rule triggered.
39
2022-10-17 13:27:01
alert
User
Failed login attempt to Device from ssh (incorrect password or inexistent username) [count=4]
[my public IP]
Account: root
40
2022-10-17 13:27:01
alert
User
Fail login attempt to Device from ssh (login on a lockout address) [count=4]
[my public IP]
Account: root
0
All Replies
-
Hi @tesagigTo avoid some suspicious or malicious access to your device, you can configure the Geo IP block feature and the more rigorous access way on your device, please refer to the below links:
How to Use GeoIP Feature0 -
I do have two security policies:1.) any to Zywall2.) any to any(excluding zywall)both deny with a IP4 source group that includes "Asia"no logSO, I wonder why I still saw the log entry?0
-
Hi @tesagig
Not sure if your security policy of "any to Zywall" for Geo IP blocking is the lower priority, you could move it to the higher priority as below example:
0 -
I have the GEO policies already at prio 1 and 2 (on top)
0 -
"Block this among everything" usually work worse than "allow only this among everything", by a security standpoint.
0 -
tesagig said:I have the GEO policies already at prio 1 and 2 (on top)
You can enable "log alert" on the Geo IP blocking security policy and check Monito>Log to see if this security policy is working for you. If there are blocked messages means this security policy is working and you are protected by this policy.0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight