Improving security
Presumably the "security policy" items are the key items to take a look at?
Best Answers
-
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
All Replies
-
The default in a SNAT setup is to allow all from LAN1 to WAN so you can limit what goes out the USG by setting up rule from LAN1 to WAN to not need all from LAN1 to WAN.
You can setup a group like TCP and UDP and add ports in each to then select it for a firewall rule.
1 -
Hi @Dovetail_MD
You can setup policy control to check traffics been allowed or dropped.
In policy control, “log matched traffic” should selected as “log” or “log alert”
And you can go to monitor > Log make sure if traffic is passed or dropped.
1 -
Thank you - I will have a poke around.One issue seems to be that although I have logging chosen for my NAT/port 25 traffic, they do not seem to be any reports from it - do you have any idea why that might be?For the avoidance of doubt there is traffic flowing through that port over that NAT arrangement0
-
Hi Dovetail_MD
The traffic allowed/blocked log entries are managed by policy control. So device needs additional policy control to monitor it.
As your example, if device has forwarded 25 port by NAT rule.The policy control should setup like this:
From: WAN, To: LAN, Source: Any, Destination: YOUR-SERVER, Service: SMTP, Action: Allowed, Log Matched Traffic: Log
5
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight