Firewall - Match default rule

follet
follet Posts: 32  Freshman Member
First Comment Friend Collector Third Anniversary
Hello. After solving the issue with UDP flooding, I see firewall logs:
Firewall - Match default rule, DROP - access block
See screenshot:

So, What does it mean? I use rules double times? I am happy, that these packages have been dropped, but it would be great if you explain to me whether it is good or not...

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓
    Hi @follet

    Those logs were generated by the last security policy(default rule). Just as smb_corp_user mentioned that it means those IPs didn't hit your existing policies but hit the default rule then the firewall dropped it. The purpose of the default rule is to avoid suspicious IPs trying to access your device or network.


     If you think those logs are too many and too often occur on the Monitor logs even impacting the readability of the Monitor log, you could choose don't appear default rule logs, as below:


    Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

All Replies

  • smb_corp_user
    smb_corp_user Posts: 163  Master Member
    5 Answers First Comment Friend Collector Second Anniversary
    As long as the source IP addresses are not allowed access to your network, you should edit the FW rule and select "Do Not Log" for these dropped packages. Dropped packages is usually traffic you do not allow (noise and random sniffing attacks), so all those entries are useless in your logs (unless you have more than enough time to read these logs).
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓
    Hi @follet

    Those logs were generated by the last security policy(default rule). Just as smb_corp_user mentioned that it means those IPs didn't hit your existing policies but hit the default rule then the firewall dropped it. The purpose of the default rule is to avoid suspicious IPs trying to access your device or network.


     If you think those logs are too many and too often occur on the Monitor logs even impacting the readability of the Monitor log, you could choose don't appear default rule logs, as below:


    Thanks.


    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

Security Highlight