Improving security

Dovetail_MD
Dovetail_MD Posts: 81  Ally Member
First Comment Second Anniversary
edited April 2021 in Security
Now having the USG 60 W live I'm wondering how to review precisely what it is blocking locking and letting through

Presumably the "security policy" items are the key items to take a look at?

Best Answers

  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Comment Second Anniversary
    Answer ✓
    Thank you - I will have a poke around.

    One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?

    For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement

All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited August 2018

    The default in a SNAT setup is to allow all from LAN1 to WAN so you can limit what goes out the USG by setting up rule from LAN1 to WAN to not need all from LAN1 to WAN.

    You can setup a group like TCP and UDP and add ports in each to then select it for a firewall rule.   

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    100 Answers 1000 Comments Friend Collector Seventh Anniversary

    Hi @Dovetail_MD

    You can setup policy control to check traffics been allowed or dropped.

    In policy control, “log matched traffic” should selected as “log” or “log alert”


    And you can go to monitor > Log  make sure if traffic is passed or dropped.


  • Dovetail_MD
    Dovetail_MD Posts: 81  Ally Member
    First Comment Second Anniversary
    Answer ✓
    Thank you - I will have a poke around.

    One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?

    For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement

Security Highlight