Firewall - Match default rule
Freshman MemberHello. After solving the issue with UDP flooding, I see firewall logs:
Firewall - Match default rule, DROP - access block
See screenshot:
So, What does it mean? I use rules double times? I am happy, that these packages have been dropped, but it would be great if you explain to me whether it is good or not...
So, What does it mean? I use rules double times? I am happy, that these packages have been dropped, but it would be great if you explain to me whether it is good or not...
0
Accepted Solution
-
Hi @follet
Those logs were generated by the last security policy(default rule). Just as smb_corp_user mentioned that it means those IPs didn't hit your existing policies but hit the default rule then the firewall dropped it. The purpose of the default rule is to avoid suspicious IPs trying to access your device or network.
If you think those logs are too many and too often occur on the Monitor logs even impacting the readability of the Monitor log, you could choose don't appear default rule logs, as below:
Thanks.0
Zyxel EmployeeAll Replies
-
As long as the source IP addresses are not allowed access to your network, you should edit the FW rule and select "Do Not Log" for these dropped packages. Dropped packages is usually traffic you do not allow (noise and random sniffing attacks), so all those entries are useless in your logs (unless you have more than enough time to read these logs).1
Ally Member
Categories
- All Categories
- 187 Beta Program
- 1.7K Nebula
- 91 Nebula Ideas
- 63 Nebula Status and Incidents
- 4.7K Security
- 236 Security Ideas
- 1.1K Switch
- 51 Switch Ideas
- 917 WirelessLAN
- 27 WLAN Ideas
- 5.4K Consumer Product
- 173 Service & License
- 296 News and Release
- 65 Security Advisories
- 14 Education Center
- 1K FAQ
- 452 Nebula FAQ
- 256 Security FAQ
- 100 Switch FAQ
- 115 WirelessLAN FAQ
- 22 Consumer Product FAQ
- 67 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 52 Security Highlight
